个人中心
文章发布
退出
作者热门文章
- r - 以节省内存的方式增长 data.frame
- ruby-on-rails - ruby/ruby on rails 内存泄漏检测
- android - 无法解析导入android.support.v7.app
- UNIX 域套接字与共享内存(映射文件)
26
4
我正在使用 C#(.Net 框架 3.5)应用程序中的 SSL POST 调用开发登录/注销功能。通过 HttpWebRequest::BeginGetResponse() 从服务器获取响应在 80% 的时间内有效,但另外 20% 的时间断断续续地抛出:
The request was aborted: Could not create SSL/TLS secure channel.
我使用 suggested 启用了 SSL 跟踪来自另一个问题的文章。这在请求跟踪中产生了两种不同的模式。
貌似在执行过程中,报错:
System.Net Error: 0 : [3680] Decrypt returned SEC_I_RENEGOTIATE.
正在接收,导致重新初始化安全上下文。当这种情况发生并成功时,输出如下(注意我省略了实际地址):
System.Net Error: 0 : [3680] Decrypt returned SEC_I_RENEGOTIATE.
System.Net Information: 0 : [3680] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3680] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=78, returned code=ContinueNeeded).
System.Net Information: 0 : [7148] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7148] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [7148] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7148] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [7148] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7148] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=1259, returned code=ContinueNeeded).
System.Net Information: 0 : [7148] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7148] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
System.Net Information: 0 : [7148] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0a8a8, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7148] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=OK).
System.Net Information: 0 : [7148] Remote certificate: [Version]
V1
失败时:
System.Net Error: 0 : [3680] Decrypt returned SEC_I_RENEGOTIATE.
System.Net Information: 0 : [3680] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 4bec0d0:4c0ab50, targetName = [omitted].com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3680] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=78, returned code=ContinueNeeded).
System.Net Error: 0 : [3680] Exception in the HttpWebRequest#20730349:: - The request was aborted: Could not create SSL/TLS secure channel.
System.Net Verbose: 0 : [3680] HttpWebRequest#20730349::EndGetResponse()
System.Net Error: 0 : [3680] Exception in the HttpWebRequest#20730349::EndGetResponse - The request was aborted: Could not create SSL/TLS secure channel.
我当然可以捕捉到这个异常,但是正确的处理方式是什么?
我的应用程序是否有办法防止(或正确处理)这些错误?当它发生时,它似乎在一段时间内不断出错,但在一些不确定数量的请求之后又开始工作。
谢谢!
最佳答案
(原始答案,见下文。)
此错误通常意味着您的客户端和服务器未设置为使用相同类型的加密。通常,解决此问题的最简单方法是显式设置要在客户端中使用的版本。
如果您使用的是 .NET 4.5 或更新版本,请按照从最安全到最不安全的顺序尝试以下选项:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;如果您使用的是 .NET 4.0 或更早版本,则只能使用上面的最后一行,因为这些版本不支持 TLSv1.1 和 TLSv1.2。 强烈建议您升级到 .NET 4.5 以利用 TLSv1.2 支持。
除了设置 SecurityProtocol 属性外,您可能还必须设置:ServicePointManager.Expect100Continue = true;
如果这些设置都没有帮助,则可能意味着您的服务器仅支持 SSLv3(或者,更糟糕的是,支持 SSLv2)。如果是这种情况,请升级您的服务器!SSLv3 已损坏,不应再使用。
SSLv3 不再被认为是安全的。请勿使用这些设置!虽然这是 2011 年的正确答案,但仅出于历史原因保留在这里。
您需要在请求前添加以下代码行:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
据我所知,旧版本(.NET 2 和/或 Windows xp/2003 及更早版本)使用这些作为默认选项,但较新版本(.NET 3 和/或 Windows Vista)/2008 及更新版本)不要。
关于C# HttpWebRequest SEC_I_RENEGOTIATE 间歇性错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6232746/
26
4
0
我正在使用 C#(.Net 框架 3.5)应用程序中的 SSL POST 调用开发登录/注销功能。通过 HttpWebRequest::BeginGetResponse() 从服务器获取响应在 80%
我们使用 HttpWebRequest 进行 REST 交互,通过 HTTPS,启用了 keep-alive。这可行,但在服务器端(Apache)我们经常遇到这样的错误: “重新协商握手失败:客户不接
我目前正在使用 SChannel 开发一个基于异步 (IOCP) 的服务器,我的大部分工作都很好,但我遇到了重新协商的问题。具体来说,当对等方 A 向对等方 B 发送重新协商的请求并且对等方 B 以
我是一名优秀的程序员,十分优秀!