ASP.Net MVC application Defaults to TLS 1.0

We have an ASP.Net MVC application that uses server-to-server communication for retrieving some info.

When we run an installation in the AWS cloud, the request fails because, by default, WebRequest uses TLS 1.0, which we have disabled on our environment. Using the same code in another project defaults to TLS 1.2. Also, hardcoding the protocol in the ServicePointManager fixes the issue.

Does anyone have experience with a similar problem and the underlying cause? I would like to fix this without hardcoding the protocol because it is not future-proof.

I had a similar problem, and ended up simply making it a configuration setting:


```csharp
// Requires: using System; using System.Net;

// Read the setting as a comma-separated string from wherever you want to store settings,
// e.g. "SSL3, TLS, TLS11, TLS12"
string tlsSetting = GetSetting("tlsSettings");

// By default, support whatever mix of protocols you want.
var tlsProtocols = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

if (!string.IsNullOrEmpty(tlsSetting))
{
    // We have an explicit setting, so initially set no protocols whatsoever.
    SecurityProtocolType selOpts = (SecurityProtocolType)0;

    // Separate the comma-separated list of protocols in the setting.
    var settings = tlsSetting.Split(new[] { ',' });

    // Iterate over the list, and see if any parse directly into the available
    // SecurityProtocolType enum values (case-insensitive).
    foreach (var s in settings)
    {
        if (Enum.TryParse<SecurityProtocolType>(s.Trim(), true, out var tmpEnum))
        {
            // It seems we want this protocol. Add it to the flags enum setting
            // (bitwise or).
            selOpts = selOpts | tmpEnum;
        }
    }

    // If we've allowed any protocols, override our default set earlier.
    if ((int)selOpts != 0)
    {
        tlsProtocols = selOpts;
    }
}

// Now set ServicePointManager directly to use our protocols:
ServicePointManager.SecurityProtocol = tlsProtocols;
```

This way, you can enable/disable specific protocols, and if any values are added or removed to the enum definition, you won't even need to re-visit the code.

Obviously a comma-separated list of things that map to an enum is a little unfriendly as a setting, but you could set up some sort of mapping or whatever if you like of course... it suited our needs fine.
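A stricter variant of the setting parser in the answer above, as an added example (not code from the original answer): it matches tokens against enum member names only, because `Enum.TryParse` also accepts numeric strings, and it refuses `Ssl3` and `Tls` even when the setting lists them. The class name `TlsSettingParser`, the refusal policy and the sample setting are assumptions of this example; it targets .NET Framework, where `ServicePointManager` applies.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

public static class TlsSettingParser
{
    // Protocols refused even if configured (assumed policy for this example).
    private const SecurityProtocolType Refused =
        SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;

    // Returns the protocols to enable; 'ignored' records each dropped token and why.
    public static SecurityProtocolType Parse(string setting,
        SecurityProtocolType fallback, List<string> ignored)
    {
        SecurityProtocolType selected = 0;
        string[] names = Enum.GetNames(typeof(SecurityProtocolType));

        foreach (var raw in (setting ?? "").Split(','))
        {
            var token = raw.Trim();
            if (token.Length == 0) continue;

            // Match on member names only, so "48" cannot smuggle in Ssl3.
            string name = Array.Find(names,
                n => n.Equals(token, StringComparison.OrdinalIgnoreCase));
            if (name == null) { ignored.Add(token + " (unknown)"); continue; }

            var value = (SecurityProtocolType)Enum.Parse(
                typeof(SecurityProtocolType), name);
            if ((value & Refused) != 0) { ignored.Add(token + " (refused)"); continue; }

            selected |= value;
        }
        // Nothing usable in the setting: keep the caller's default.
        return selected != 0 ? selected : fallback;
    }

    public static void Main()
    {
        var ignored = new List<string>();
        // Constructed sample: mixed case, a deprecated entry, a number, a typo.
        var protocols = Parse("SSL3, tls12, 48, Tls1.2, Tls11",
            SecurityProtocolType.Tls12, ignored);
        ServicePointManager.SecurityProtocol = protocols;
        Console.WriteLine("Enabled: " + protocols);
        Console.WriteLine("Ignored: " + string.Join("; ", ignored));
    }
}
```

Logging the `ignored` list at startup makes a mistyped or downgraded setting visible instead of silently falling back.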
