堆栈内存溢出
  简体   繁体   English

打开 TLS 1.0、TLS 1.1、TLS 1.2 ... Asp.NET IIS 10.0

[英]Turn on TLS 1.0, TLS 1.1, TLS 1.2 ... Asp.NET IIS 10.0

 原文  2018-02-26 17:59:50       c#/ asp.net/ asp.net-mvc/ ssl/ tls1.2

问题描述

For months, my web application worked just fine on different versions of IE/Firefox/Chrome.几个月来,我的 Web 应用程序在不同版本的 IE/Firefox/Chrome 上运行良好。 My application is running on IIS 10.0.我的应用程序在 IIS 10.0 上运行。 When I hit the application from a Windows 7 box (IE 11.0.***) everything works fine.当我从 Windows 7 盒子(IE 11.0.***)点击应用程序时,一切正常。 When I hit the application from Windows 10 box (IE 11.2007.14393.0), it just started giving me this error (was working last week):当我从 Windows 10 框(IE 11.2007.14393.0)点击应用程序时,它刚刚开始给我这个错误(上周工作):

This page can't be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https:// again.无法显示此页面 在高级设置中打开 TLS 1.0、TLS 1.1 和 TLS 1.2,然后再次尝试连接到 https://。 If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure.如果此错误仍然存​​在,则该站点可能使用不受支持的协议或密码套件,例如 RC4(详细信息链接),这被认为是不安全的。 Please contact your site administrator.请联系您的站点管理员。

I have looked this up from many sites and have tried multiple things.我从很多网站上查过这个,并尝试了很多东西。 Ensured TLS settings, setup Registry on Server to allow TLS, etc. As far as I can tell, there were no updates when this occurred.确保 TLS 设置,在服务器上设置注册表以允许 TLS 等。据我所知,发生这种情况时没有更新。 This is an Asp.NET MVC application targeting DNX Core 1 - rc1.这是一个面向 DNX Core 1 - rc1 的 Asp.NET MVC 应用程序。 I did not push any updates to the server when it stopped working.当它停止工作时,我没有向服务器推送任何更新。

On a Windows 7 box, I show in Firefox that it is using TLS 1.2 for this site (and works fine!)在 Windows 7 机器上,我在 Firefox 中显示它正在为此站点使用 TLS 1.2(并且工作正常!)

What could be going on here?这里会发生什么? I'm out of options to try.我没有选择尝试。

4 个解决方案

解决方案1
 6  2019-08-02 13:42:19

Morning, a year and a half later.一年半后的早晨。
I just wanted to share my experience (and solution) with this problem.我只是想分享我对这个问题的经验(和解决方案)。 I'm sure there are many reasons for this happening however one thing that i have consistently noticed is the following: Go into iis manager and select the web site that is causing problems ('Default Web Site' in my case) In the Actions pane on the right under 'Edit Site' click on 'Bindings...' Select the https binding and click 'Edit...' on the right Toggle the 'SSL certificate' selection and click ok If you see an error such as the following: 'There was an error while performing this operation.我确定发生这种情况的原因有很多,但是我一直注意到的一件事如下:进入 iis 管理器并选择导致问题的网站(在我的情况下为“默认网站”)在“操作”窗格中在右侧的“编辑站点”下单击“绑定...” 选择 https 绑定并单击右侧的“编辑...” 切换“SSL 证书”选择并单击确定 如果您看到如下错误: '执行此操作时出错。 Details: A specified logon session does not exist.详细信息:指定的登录会话不存在。 It may already have been terminated.它可能已经被终止。 (Exception from HRESULT: 0x80070520)' What seems to have happened is the certificate has become corrupt for some reason. (来自 HRESULT 的异常:0x80070520)' 似乎发生的情况是证书由于某种原因已损坏。
The only thing that I've been able to do to remediate this issue is to remove the certificate from the server using mmc.exe and the certificates add-in (Console Root\\Certificates (Local Computer)\\Personal\\Certificates\\) and re add it in the same location.为了解决这个问题,我唯一能做的就是使用 mmc.exe 和证书加载项(控制台根\\证书(本地计算机)\\个人\\证书\\)从服务器中删除证书,然后重新将其添加到同一位置。 The TLS error goes away on the web page.网页上的 TLS 错误消失了。

解决方案2
 0  2021-07-20 16:39:58

I struggled with this on a separate issue I was having for over a year with trying to access a web service from some code on my computer.我在一个单独的问题上挣扎了一年多,试图从我的计算机上的一些代码访问网络服务。 The specific web service was the FEMA web mapping service here:具体的网络服务是这里的 FEMA 网络地图服务:

https://hazards.fema.gov/gis/nfhl/services/public/NFHLWMS/MapServer/WMSServer?request=GetCapabilities&service=WMS https://hazards.fema.gov/gis/nfhl/services/public/NFHLWMS/MapServer/WMSServer?request=GetCapabilities&service=WMS

I tried checking all the TLS check boxes in the internet options and tried setting some registry entries and other things recommended on some Microsoft and other web sites and I was still not able to access the service.我尝试检查 Internet 选项中的所有 TLS 复选框,并尝试设置一些注册表项和一些 Microsoft 和其他网站上推荐的其他内容,但我仍然无法访问该服务。 Finally, I came across the suggestion to reset the internet explorer settings as is suggested here:最后,我遇到了重置 Internet Explorer 设置的建议,如下所示:

https://theohbrothers.com/fix-internet-explorer-11-error-this-page-cant-be-displayed-turn-on-tls-1-0-tls-1-1-and-tls-1-2-in-advanced-settings/ https://theohbrothers.com/fix-internet-explorer-11-error-this-page-cant-be-displayed-turn-on-tls-1-0-tls-1-1-and-tls-1- 2-in-advanced-settings/

This fixed my problem and I was able to access the web site.这解决了我的问题,我能够访问该网站。

So here are the specific steps you can try if you're having this problem:因此,如果您遇到此问题,可以尝试以下具体步骤:

  1. From Internet Explorer, go to Tools > Internet Options > Advanced, under Reset Internet Explorer settings, click on Reset.在 Internet Explorer 中,转至工具 > Internet 选项 > 高级,在重置 Internet Explorer 设置下,单击重置。 Or you can just type in internet options in the Windows start search menu to get here.或者,您只需在 Windows 开始搜索菜单中输入 Internet 选项即可到达此处。 In the Reset Internet Explorer settings window, check the box 'Delete personal settings', and click on Reset.在“重置 Internet Explorer 设置”窗口中,选中“删除个人设置”框,然后单击“重置”。

  2. Once done, restart IE11 and try going to the blocked web site.完成后,重新启动 IE11 并尝试访问被阻止的网站。 Things should work now.现在应该可以了。

Actually, after further investigation and as described at the top of this web page , the above solution did not solve my problem.实际上,经过进一步调查并如本网页顶部所述,上述解决方案并没有解决我的问题。 I think the only solution for me may be to upgrade from Windows 7 to Windows 10.我认为对我来说唯一的解决方案可能是从 Windows 7 升级到 Windows 10。

解决方案3
 0  2021-07-26 10:45:58

Check the "key usage" attribute of the certificate bound to website.检查绑定到网站的证书的“密钥用法”属性。 It needs to be Key Encipherment, Data Encipherment.它需要是密钥加密,数据加密。 "Enhanced key usage" attribute needs to be server authentication. “增强型密钥使用”属性需要是服务器认证。

网站证书

解决方案4
 -1  2021-08-19 11:07:02

Since I faced this problem, I have tried my things.自从我遇到这个问题以来,我已经尝试了我的东西。 Import/export certificates, enable/disable Ssl 2.0, Ssl 3.0, TLS 1.1, TLS 1.2 etc. Nothing solved my problem.导入/导出证书,启用/禁用 Ssl 2.0、Ssl 3.0、TLS 1.1、TLS 1.2 等。没有解决我的问题。 (In windows Server 2012). (在 Windows Server 2012 中)。 The following workaround solved the problem.以下解决方法解决了该问题。 In registry editor, navigate HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client and change the values as follows: "DisabledByDefault"=dword:00000000 "Enabled":dword:00000001在注册表编辑器中,导航 HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Client 并更改如下值:"DisabledByDefault"=dword:00000000 "Enabled":dword:00000001

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 客户端和服务器无法通信,因为它们没有共同的算法 - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32 - The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32Exception 调用TLS 1.0和TLS 1.2 Web服务的ASP.NET应用程序 - ASP.NET application calling TLS 1.0 and TLS 1.2 web services Tls 1.2 或 Tls 1.0 与 .net 框架 4.0 - Tls 1.2 OR Tls 1.0 with .net framework 4.0 .NET 4.5 和 .NET 4.5.1 是否默认启用 TLS 1.1 和 TLS 1.2? - Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1? 在WCF和.NET 4.0中使用TLS 1.1或1.2? - Use TLS 1.1 or 1.2 in WCF and .NET 4.0? ASP.NET 核心 Web API 禁用 TLS 1.0 和 TLS 1.1 支持 - ASP NET Core Web API disable TLS 1.0 and TLS 1.1 support 如何在ASP.NET Core 2.0中使用TLS 1.2 - How to use TLS 1.2 in ASP.NET Core 2.0 如何在 ASP.Net Core 2.0 中实现 TLS 1.2 - How to implement TLS 1.2 in ASP.Net Core 2.0 ASP.Net MVC 应用程序默认为 TLS 1.0 - ASP.Net MVC application Defaults to TLS 1.0 需要在服务器环境中启用 TLS1.2 并禁用 TLS1.0 & 1.1 - Need to enable TLS1.2 in server environment and disable TLS1.0 & 1.1
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM