在Windows Server 2008 R2上使用IIS7.5使用TLS1.2发出请求
[英]make a request with TLS1.2 using IIS7.5 on Windows Server 2008 R2
问题描述
I have a webservice made in C#. 
我有一个用C#制作的Web服务。 It consumes other web service, but it always use SSL3 or TLS1.0. 它使用其他Web服务,但始终使用SSL3或TLS1.0。
I have changed the registry like this link: https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html#uds-search-results 我已经更改了此链接这样的注册表: https : //www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html#uds-search-results
If on the registry, i disable TLS1.0, it tries to make the request with SSL3, If i disable SSL3 it doesn't make the request. 如果在注册表中,我禁用了TLS1.0,它将尝试使用SSL3发出请求;如果禁用SSL3,则不会发出请求。 If i put the TLS1.2 ciphers only on the gpedit, it doesn't make the request. 如果我仅将TLS1.2密码放在gpedit上,它不会发出请求。 I think that TLS1.2 only works when answer a request, not when consume. 我认为TLS1.2仅在回答请求时起作用,而在消耗时不起作用。
This are the suite ciphers that IIS use: 这是IIS使用的套件密码:
TLS 1.0: TLS 1.0:
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
SSL3: SSL3:
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
If i use a stand alone c# application, it uses TLS1.2, but when it is managed by IIS, doesn't do this. 如果我使用独立的c#应用程序,则使用TLS1.2,但是当它由IIS管理时,则不会这样做。
I use .NET 3.5, running on .NET4.0 (on the properties of project, i have .NET 3.5, on the web.config, i have ). 我使用在.NET4.0上运行的.NET 3.5(在项目属性上,我在Web.config上拥有.NET 3.5,我拥有)。 This is because i need to use WSE3. 这是因为我需要使用WSE3。 The runtime of .Net is v4.0.30319 .Net的运行时为v4.0.30319
1 个解决方案
解决方案1
0 2018-09-26 09:36:48
To support TLS 1.1/1.2 as a client on older versions of .NET you need to enable those protocols on ServicePointManager . 要在早期版本的.NET上支持TLS 1.1 / 1.2作为客户端,您需要在ServicePointManager上启用这些协议。
But the enumeration normally used for this doesn't have the necessary fields, but the underlying values do work if the installation is fully patched. 但是,通常用于此目的的枚举没有必填字段,但是如果完全修补了安装,则基础值会起作用。 Using VB.Net (as it is code I have to hand): 使用VB.Net(因为这是我必须要处理的代码):
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls _
Or DirectCast(&H300, SecurityProtocolType) _
Or DirectCast(&HC00, SecurityProtocolType)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.