防止错误无法在某些服务器上创建 SSL/TLS 安全通道
[英]Prevent error could not create SSL/TLS secure channel on some servers
问题描述
I know that there are many references to this error but I am struggling to resolve the issue despite looking at and trying many of the suggested solutions.
我知道有很多关于此错误的引用,但尽管查看并尝试了许多建议的解决方案,但我仍在努力解决该问题。
The error only happens on certain machines.该错误仅发生在某些机器上。 It does not happen on my dev machine nor on many others but we are able to repeat this on a Windows 2008 RS server as well as Windows 2012R2 as well as possibly others.它不会发生在我的开发机器上,也不会发生在许多其他机器上,但我们可以在 Windows 2008 RS 服务器以及 Windows 2012R2 以及可能的其他服务器上重复此操作。
I am able to reach the page in a browser on the affected machine so this would exclude a lack of ciphers (or so I was told).我能够在受影响机器上的浏览器中访问该页面,因此这将排除缺少密码(或者我被告知)。
Each time I run my simple code I get the same error on some machines:每次我运行我的简单代码时,我都会在某些机器上遇到相同的错误:
The request was aborted: Could not create SSL/TLS secure channel.
My simple code is this:我的简单代码是这样的:
Private Async Function CallRest() As Task
Using http As HttpClient = New HttpClient()
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
Dim url As String = "https://www.zeidman.info/appreg/resttest.php"
Dim result = Await http.GetAsync(url)
Dim content = Await result.Content.ReadAsStringAsync
Console.WriteLine(content)
End Using
End Function
I have tried adding:我试过添加:
ServicePointManager.Expect100Continue = True
For testing purposes I have tried adding:出于测试目的,我尝试添加:
ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
with the corresponding function与对应的function
Public Function AcceptAllCertifications(sender As Object,
certification As System.Security.Cryptography.X509Certificates.X509Certificate,
chain As System.Security.Cryptography.X509Certificates.X509Chain,
sslPolicyErrors As Security.SslPolicyErrors) As Boolean
Return True
End Function
I also saw this answer and used that version of the ServerCertificateValidationCallback but the code does not even go into that method (I put logging inside it)我也看到了这个答案并使用了该版本的 ServerCertificateValidationCallback 但代码甚至没有 go 进入该方法(我将日志记录在其中)
One comment in this question suggested a system.net trace and despite following the instructions I have not been able to get that to show any output.此问题中的一条评论建议使用 system.net 跟踪,尽管按照说明进行操作,但我无法让它显示任何 output。
Any suggestions would be very welcome.任何建议都会非常受欢迎。
1 个解决方案
解决方案1
0 2019-11-22 10:11:36
I got this to work.我得到了这个工作。 Thank you Jimi for all your suggestions.感谢 Jimi 的所有建议。 Very helpful.非常有帮助。
It was your point 5 that got me thinking again.正是你的第 5 点让我再次思考。 I ran the analysis from SSL Labs on the server that I was trying to connect to and saw that there were only four ciphers available.我在尝试连接的服务器上运行SSL Labs的分析,发现只有四个密码可用。 On my Win2008R2 client I used IISCrtypto to see which ciphers were installed.在我的 Win2008R2 客户端上,我使用IISCrtypto查看安装了哪些密码。 I saw that there were no matches for the ones on the server.我看到服务器上没有匹配项。 I added the missing ciphers, rebooted and I was able to reach the site.我添加了丢失的密码,重新启动并能够访问该站点。
One thing I saw was that before Internet Explorer could not reach the site but afterwards it could so it clearly was using the built in Windows ciphers.我看到的一件事是,在 Internet Explorer 无法访问该站点之前,但之后它可以很明显地使用内置的 Windows 密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.