Adding Cipher suite to TLS1.2 of HttpClient of dotnetcore 3.1


Problem description

I get the following exception when connecting to the Western Digital website:


22:02:34,803 |      HttpGrabber | DEBUG | Grabbing: GET https://shop.westerndigital.com/de-de/products/internal-drives/wd-red-sata-2-5-ssd#WDS200T1R0A
22:02:34,858 |      HttpGrabber | DEBUG | System.Net.Http.SocketsHttpHandler.Http2Support: True
22:02:34,865 |      HttpGrabber | DEBUG | System.Net.Http.UseSocketsHttpHandler: True
22:02:35,067 |      HttpGrabber | ERROR | System.AggregateException: One or more errors occurred. (The SSL connection could not be established, see inner exception.)
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> System.ComponentModel.Win32Exception (0x80090326): Le message reçu était inattendu ou formaté de façon incorrecte.
   --- End of inner exception stack trace ---

I think that the C# code is correct, as I have 3/4 unit tests passing:

        [TestCase("https://allianz-fonds.webfg.net/sheet/fund/FR0013192572/730?date_entree=2018-04-04")]
        [TestCase("https://www.galaxus.de/de/s1/product/zotac-zbox-magnus-en72070v-intel-core-i7-9750h-0gb-pc-13590721")]
        [TestCase("https://www.hystou.com/Gaming-Mini-PC-F7-with-Nvidia-GeForce-GTX-1650-p177717.html")]
        [TestCase("https://shop.westerndigital.com/de-de/products/internal-drives/wd-red-sata-2-5-ssd#WDS200T1R0A")]

The SSL diagnostic done by ssllabs gives a list of supported cipher suites handled by the website of Western digital:

Firefox connects successfully to the website, and Wireshark spots that Firefox has 1 cipher in the list:

However, my dotnet core application has a fatal error in the SSL handshake because it does not have a single cipher in common with WD:

It took me a lot of time to understand that the error comes from here... if it really comes from here.

Hence 2 questions come from this analysis:

  • Is it possible to add a cipher suite in my .NET Core 3.1 application, written in C#, to be compliant with this website? I have seen discussions on the internet stipulating that maybe the US company which is Microsoft is not allowed to export strong cryptographic algorithms... if this is true, what about Firefox (USA too) using the same suite as Western Digital (USA too)?

  • Is there a possibility to use another library in C# (I am thinking about OpenSSL), provided the other library supplies all layers of HTTPS (i.e. proposes an equivalent of HttpClient)? And what about cross-platform support, to avoid losing the cross-platform feature of dotnetcore?

Remark: Even Fiddler has this problem! Which is understandable, as it also relies on the .NET Framework technology:

  • To answer the comment of @Steffen Ullrich: I run this stuff on Win7:

Solution

.NET Core uses the ciphers supported by the native TLS stack, i.e. SChannel. Which ciphers are supported depends on the version of Windows. Which ciphers are supported by your OS is documented in TLS Cipher Suites in Windows 7. As you can see, none of the ciphers offered by the server are supported by your OS.

With Firefox or Chrome browser the situation is different. These come with their own stack and are thus not limited to what the OS offers. That's why they work.
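An added example, not part of the original question or answer: a .NET Core 3.1 console probe that reports which TLS 1.2 cipher suite the platform stack negotiates with a host, and shows that `CipherSuitesPolicy` can only be set where the stack is not SChannel. The default host `example.com` and the listed suite are placeholders chosen for illustration.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Security.Authentication;
using System.Threading;
using System.Threading.Tasks;

static class TlsProbe
{
    // Host comes from the command line; "example.com" is a placeholder default.
    static async Task Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "example.com";
        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host,
            EnabledSslProtocols = SslProtocols.Tls12
        };

        // CipherSuitesPolicy is implemented only on Linux (OpenSSL 1.1.1+) and macOS.
        // On Windows the offered list comes from SChannel and the constructor
        // throws PlatformNotSupportedException, so it is skipped there.
        if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
        {
            options.CipherSuitesPolicy = new CipherSuitesPolicy(new[]
            {
                // Sample suite for illustration, not taken from the page.
                TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            });
        }

        using var tcp = new TcpClient();
        await tcp.ConnectAsync(host, 443);
        using var ssl = new SslStream(tcp.GetStream());
        try
        {
            await ssl.AuthenticateAsClientAsync(options, CancellationToken.None);
            Console.WriteLine($"{ssl.SslProtocol} negotiated, suite {ssl.NegotiatedCipherSuite}");
        }
        catch (AuthenticationException ex)
        {
            // The failure from the question surfaces here: the OS TLS stack and
            // the server could not agree on handshake parameters.
            Console.WriteLine($"Handshake failed: {ex.Message} / {ex.InnerException?.Message}");
        }
    }
}
```

On Windows the only way to change what this probe offers is to change what SChannel itself supports, which is the limitation the answer describes.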
