C# Could not create ssl/tls secure channel on Windows 7/Windows Server, using TLS1.2
Could not create SSL/TLS secure channel error during TLS 1.2 connection when not in admin mode
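I have been searching for an answer for the last two days, but I still have no idea where to start investigating.
I have both a C# .NET Standard library and a PowerShell script that let me fetch data from a REST API. The PowerShell script is shown below.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\<Thumbprint>
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "https://some.url.to.get.my.data" -Method Get -Certificate $cert
Until recently, this script and the C# code mentioned here both worked for me (without running as administrator). Now it gives me trouble and returns an error message: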
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At line:3 char:1
+ Invoke-WebRequest -Uri “https://some.url.to.get.my.data ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I have the same problem in my C# application. I have set
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
I set the X509 certificate (not shown here) and made the call using
HttpClient.GetStringAsync(string requestUri).Result;
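The call hangs and never returns.
Interestingly, if I run PowerShell or Visual Studio in admin mode, both the PowerShell and the C# code work fine.
Out of frustration, I tried looking at the calls between the client and the server through Wireshark. By comparing the call patterns between the working and non-working cases, I can tell that the handshake seems to be working fine, at least from the start up until the server is about to send the data. The client, for some reason, sends a [FIN, ACK] to the server and the connection is terminated.
I welcome any suggestions.
Thank you.
I had a similar issue with another .NET application of mine. Please verify that the following registry keys are set. Also note that specific patches may be required depending on your .NET and/or operating system version; for more information, see: https://docs.microsoft.com/zh-CN/dotnet/framework/network-programming/tls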
$RegistryKeys = @(
    @{
        Path = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
        Name = "SystemDefaultTlsVersions"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
        Name = "SchUseStrongCrypto"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
        Name = "SystemDefaultTlsVersions"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
        Name = "SchUseStrongCrypto"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
        Name = "Enabled"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
        Name = "DisabledByDefault"
        Value = "0"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
        Name = "Enabled"
        Value = "1"
        PropertyType = "DWord"
    }
    @{
        Path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
        Name = "DisabledByDefault"
        Value = "0"
        PropertyType = "DWord"
    }
)
Some code to test this:
$ErrorActionPreference = 'Stop'
$VerbosePreference = 'Continue'
Foreach ($RegistryKey in $RegistryKeys) {
    # * Validate Path
    # This code will check if the Path exists.
    Write-Verbose "Processing '$($RegistryKey.Path)' '$($RegistryKey.Name)'"
    Write-Verbose "Validating if path '$($RegistryKey.Path)' exists"
    If (-Not (Test-Path -Path $RegistryKey.Path)) {
        Write-Warning "Path '$($RegistryKey.Path)' does not exist"
        Continue
    }
    Write-Verbose "Path '$($RegistryKey.Path)' exists"
    # * Validate Property
    # This code will check if the property exists.
    Write-Verbose "Reading properties for '$($RegistryKey.Path)'"
    $Properties = Get-ItemProperty -Path $RegistryKey.Path
    Write-Verbose "Validating if property '$($RegistryKey.Name)' exists"
    If (-Not ($RegistryKey.Name -in ($Properties | Get-Member).Name)) {
        Write-Warning "Property '$($RegistryKey.Name)' does not exist"
        Continue
    }
    Write-Verbose "Property '$($RegistryKey.Name)' exists"
    # * Validate Property value
    # This code will check if the configured value is correct.
    Write-Verbose "Validating if property value is set to '$($RegistryKey.Value)'"
    If (-Not ((Get-ItemProperty -Path $RegistryKey.Path -Name $RegistryKey.Name)."$($RegistryKey.Name)" -eq $RegistryKey.Value)) {
        Write-Warning "Property value is incorrect for '$($RegistryKey.Path)' '$($RegistryKey.Name)'"
        Continue
    }
    Write-Verbose "Property value is correct for '$($RegistryKey.Path)' '$($RegistryKey.Name)'"
}
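In my case, it turned out that the problem was indeed in getting the certificate. I initially had the certificate under the "Current User" account during development, and it worked without any problems. After moving the certificate under the "Local Machine" account, I started running into this issue.
The solution was to grant my user account permission to access the specific certificate via Certificate Manager > right-click the certificate > All Tasks > Manage Private Keys. Then add my user account to the list.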
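A quick way to confirm the cause described in the answer above, as an added example that is not part of the original posts: it tests whether the current, non-elevated account can actually use the private key of a `LocalMachine\My` certificate. The function name `Test-PrivateKeyAccess` is hypothetical, `<Thumbprint>` is the same placeholder the question uses, and the script assumes an RSA key and .NET Framework 4.6 or later.

```powershell
# Added diagnostic example (not from the original thread).
# Assumption: replace <Thumbprint> with the thumbprint of your client certificate.
$Thumbprint = '<Thumbprint>'

function Test-PrivateKeyAccess {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # HasPrivateKey reflects the certificate's link to a key,
    # not whether the calling account is allowed to read that key.
    if (-not $Certificate.HasPrivateKey) { return 'NoPrivateKey' }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if ($null -eq $rsa) { return 'NotAnRsaKey' }
        # Force a real private-key operation; this is what a TLS client
        # handshake with a client certificate needs to be able to do.
        $data = [byte[]](1, 2, 3)
        $null = $rsa.SignData(
            $data,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        return 'Accessible'
    }
    catch {
        # Typically a CryptographicException when the account lacks
        # read permission on the machine key.
        return "Denied: $($_.Exception.Message)"
    }
}

# Record whether this session is elevated, since the symptom in the
# question only appears when it is not.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
[pscustomobject]@{
    User       = $identity.Name
    Elevated   = $elevated
    Subject    = $cert.Subject
    PrivateKey = Test-PrivateKeyAccess -Certificate $cert
}
```

A result of `Denied` in a normal session and `Accessible` in an elevated one matches the behaviour in the question; granting the specific account read access through Manage Private Keys fixes it without running the application as administrator.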