gpt4 book ai didi

c# - 在 ASP.Net 中定义自己的 TlsCipherSuite

转载 作者:行者123 更新时间:2023-12-04 22:37:26 32 4
gpt4 key购买 nike

我正在使用 ASP.Net 构建一个 WebService。目前服务正在本地运行,我使用 NMAP 检查了允许的 TLS 版本和密码。我的结果是这样的

| ssl-enum-ciphers: 
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
|_ least strength: C
我现在想在 ASP.Net 中定义自己的 CipherSet
我尝试将 Microsoft 文档中的示例用于 kestrel https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1#listenoptionsprotocols
我的代码如下所示:
 webBuilder.UseKestrel(kestrelOptions =>
{
kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
{
httpsOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;

httpsOptions.OnAuthenticate = (connectionContext, authenticationOptions) =>
{
var ciphers = new List<TlsCipherSuite>()
{
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_PSK_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TlsCipherSuite.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
TlsCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
TlsCipherSuite.TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
TlsCipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256,
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM,
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM,
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_128_CCM_8,
TlsCipherSuite.TLS_DHE_RSA_WITH_AES_256_CCM_8,
TlsCipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TlsCipherSuite.TLS_PSK_WITH_AES_128_CCM,
TlsCipherSuite.TLS_PSK_WITH_AES_256_CCM,
TlsCipherSuite.TLS_DHE_PSK_WITH_AES_128_CCM,
TlsCipherSuite.TLS_DHE_PSK_WITH_AES_256_CCM,
TlsCipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
TlsCipherSuite.TLS_PSK_WITH_AES_256_CCM_8,
TlsCipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8,
TlsCipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
};
authenticationOptions.EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
authenticationOptions.CipherSuitesPolicy = new CipherSuitesPolicy(ciphers);
};
});
});
一旦我启动 WebService,我就会得到这个异常:
System.PlatformNotSupportedException: "CipherSuitesPolicy is not supported on this platform."
我需要导入一些东西来完成这项工作吗?

最佳答案

我想我有一个解决方案。
CipherSuitesPolicy 似乎仅适用于 Linux 和 MacOS。
对于 Windows,我必须停用注册表中的某些密码

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168" /v Enabled /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168" /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168" /v Enabled /d 0 /t REG_DWORD /f
这个解决方案对我有用。 WebService 现在只使用强密码

关于c# - 在 ASP.Net 中定义自己的 TlsCipherSuite,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72127149/

32 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com