stackoom
  简体   繁体   中英

Can't download files from the computer with enabled TLS 1.1/1.2 protocols using WebClient.DownloadFile method

 原文  2015-01-15 19:38:56       c#/ .net/ iis/ ssl/ downloadfile

Question

I'm trying to implement a simple console application to download the files using Webclient.DownloadFile method over TLS 1.1/1.2 protocols. This is the code for the application: 

var downloadUrl = "https://serverURL.com/sample.mp3";
var filename = "sample.mp3";
var myWebClient = new WebClient();
myWebClient.DownloadFile(downloadUrl, filename);

Everytime I run it I'm getting the following error message: 

Unhandled Exception: System.Net.WebException: 
The underlying connection was closed: An unexpected error occurred on a receive. --->   

System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possessa common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at System.Net.WebClient.DownloadFile(String address, String fileName)
at web_downloader.Program.Main(String[] args) in c:\Users\user\Documents\Visual Studio 2013\Projects\web_downloader\web_downloader\Program.cs:line 27

I have the following setup: web_downloader application is located on ServerA (Windows Server 2012 R2/64bit), which has the following in the registry key under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols : 

PCT 1.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
SSL 2.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
SSL 3.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
TLS 1.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
TLS 1.1
--Client
----DisabledByDefault=0
----Enabled=1
--Server
----DisabledByDefault=0
----Enabled=1
TLS 1.2
--Client
----DisabledByDefault=0
----Enabled=1
--Server
----DisabledByDefault=0
----Enabled=1

And ServerB , which stores sample.mp3 file, has the following: 

SSL 2.0
  Client
    DisabledByDefault=1
TLS 1.1
  Client
    DisabledByDefault=0
    Enabled=1
  Server
    DisabledByDefault=0
    Enabled=1
TLS 1.2
  Client
    DisabledByDefault=0
    Enabled=1
  Server
    DisabledByDefault=0
    Enabled=1

As soon as I enable TLS 1.0 on ServerA I'm able to download the mp3 file from ServerB (Windows 7/64bit/Net Framework 4.5.1) without any issues.

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing policy is disabled on both machines.

Am I missing any configuration parameters for DownloadFile method to work with TLS 1.1/1.2?

2 answers

solution1
 6 ACCPTED  2015-01-15 19:44:01

The .NET Framework uses its own settings to decide which HTTPS versions to use by default. See https://stackoverflow.com/a/169396/126229 for the ServicePointManager.SecurityProtocol setting to set on the client to ensure that it attempts to negotiate a TLS1.1 connection.

You can also watch the outbound traffic with Fiddler (look at the CONNECT Tunnel's TextView Request inspector) for a breakdown of the ClientHello message. Be warned that running Fiddler with HTTPS-decryption enabled will interfere because Fiddler itself defaults to using SSL3+TLS1 to talk to servers.

solution2
 0  2015-05-20 15:10:30

如果您使用的是.NET Framwork 3.5或更低版本,则只能设置TLS 1.0(放置注册表项),并且必须在服务器上启用TLS 1.0。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can't implement timeout when trying to download a file using WebClient.DownloadFile() or WebRequest WebClient.DownloadFile hangs when computer is locked Downloaded files using WebClient.DownloadFile() do not work WebClient.DownloadFile download file that is dynamically created WebClient.DownloadFile method and HTTPS - is it an HTTPS connection? WebClient.DownloadFile doesn't work c# webClient.DownloadFile doesn't download, it just creates an empty text file Unable to Open folder using Path after downloading Files(webClient.DownloadFile()) Inexplicable behavior of WebClient.DownloadFile WebClient.DownloadFile path problems
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM