WebService 使用 TLS1.1,TLS1.2 无法连接到开发服务器,在本地开发中工作
[英]WebService using TLS1.1, TLS1.2 unable to connect on development server, works in local development
问题描述
I have a .NET WebService call that is set to use TLS1.1 or higher.
我有一个设置为使用 TLS1.1 或更高版本的 .NET WebService 调用。 This works in my local development, but when i move to our development server, I receive the following error:这适用于我的本地开发,但是当我移动到我们的开发服务器时,我收到以下错误:
Could not ExecuteRequest for xxx data - - The request was aborted: Could not create SSL/TLS secure channel.
In the code i have the tls settings:在代码中,我有 tls 设置:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13 | SecurityProtocolType.Ssl3;
I've verified on the server the registry settings are correct for enabling TLS1.1, 1.2, etc... by checking: *HKEYLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols[TLS 1.1, TLS 1.2]* I have the DisabledByDefault = 0 and Enabled = 1 for both "Client" and "Server" keys at these locations我已经在服务器上验证了注册表设置对于启用TLS1.1、1.2等是否正确...通过检查: *HKEYLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols[TLS 1.1, TLS 1.2]* I在这些位置为“客户端”和“服务器”键设置 DisabledByDefault = 0 和 Enabled = 1
In the windows system logs there is an Schannel error: EventID 36887: A fatal alert was received from the remote endpoint.在 Windows 系统日志中,有一个 Schannel 错误:EventID 36887:收到来自远程端点的致命警报。 The TLS protocol defined fatal alert code is 40. TLS 协议定义的致命警报代码是 40。
I'm not sure where to go from here.我不知道从这里去哪里。 I feel like it's probably a simple setting or a registry tweak, but i'm lost now.我觉得这可能是一个简单的设置或注册表调整,但我现在迷路了。
thanks in advance for the help在此先感谢您的帮助
1 个解决方案
解决方案1
0 2020-03-06 22:11:21
If I understand you correctly, you have a code that works on one server, but not the other.如果我理解正确的话,您的代码可以在一台服务器上运行,但在另一台服务器上不起作用。 In that case it seems that at least you have configured .Net Framework correctly, but as one of the comments suggest you should check that your OS supports it TLS 1.1 (maybe worth checking that you are running on exact same .net framework version as well).在这种情况下,似乎至少您已经正确配置了 .Net Framework,但正如其中一条评论建议您检查您的操作系统是否支持 TLS 1.1(也许值得检查您是否也在完全相同的 .net 框架版本上运行)。
I see that you use win server 2012 and it seems it's not enabled by default in there.我看到您使用的是 win server 2012 并且它似乎在那里默认未启用。 Here is a quote from MS docs here :下面是从MS文档报价在这里:
Earlier versions of Windows, such as Windows 7 or Windows Server 2012, don't enable TLS 1.1 or TLS 1.2 by default for secure communications using WinHTTP.
Try checking the documentation and verify TLS 1.1.尝试查看文档并验证 TLS 1.1。 is enabled in OS.在操作系统中启用。
PS If the server you are trying to connect to supports TLS 1.2, I would not bother with TLS 1.1 at all, and just force all to use TLS 1.2. PS 如果您尝试连接的服务器支持 TLS 1.2,我根本不会理会 TLS 1.1,只是强制所有人使用 TLS 1.2。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.