Visual Studio 中的 FTPS 发布失败,导致“远程连接端关闭安全连接". [英] FTPS publish in Visual Studio fails, results in "Secure connection was closed by the remote connection end."
问题描述
我有一个 ASP.NET 网站,它托管在客户端的 Web 服务器上,我曾经能够通过 Web 一键发布直接从 Visual Studio 发布.连接是通过 FTPS 建立的,因此会在端口 21 上连接到服务器的 IP 地址;即 ftps://101.102.103.104:21.
I have an ASP.NET website that is hosted on a client's web-server, which I used to be able to publish directly from Visual Studio with Web One Click Publish. The connection was made over FTPS, so would connect to the server's IP address on port 21; i.e. ftps://101.102.103.104:21.
但是,在最近更新服务器上的 SSL 证书后,我无法再从 VS 发布到服务器 - 在测试连接或尝试发布文件时出现以下错误:
However, after a recent update to the SSL cert on the server, I can no longer publish to the server from VS - I get the error below when testing the connection or attempting to publish the files:
我的解决方法是发布到本地文件夹,然后与 FileZilla 连接以推送文件.我使用的凭据在 FileZilla 中是相同的,并且在建立连接或上传文件时没有任何问题.因此,有了这个新证书,Visual Studio 通过 FTPS 发布似乎存在问题.
The workaround I've got is to publish to a local folder and then connect with FileZilla to push the files up. The credentials I use are the same in FileZilla, and that doesn't have any issues with making the connection or uploading the files. So there appears to be an issue with Visual Studio publishing over FTPS with this new cert in place.
我注意到通过 FileZilla 进行部署的一个初步差异是,在初始连接时,我会收到有关证书与站点名称不匹配的警告 - 但这仅在通过 IP 地址连接时发生.如果我使用服务器名称(它与服务器上的通配符证书具有相同的域),它不会显示该证书弹出窗口.不幸的是,在 VS 发布设置中使用服务器名称仍然会出现相同的错误.
One initial difference I noticed with deploying via FileZilla was that upon initial connection, I would get a warning about the certificate mismatching the site name - but that was only when connecting by IP address. If I used the server name (which has the same domain as the wildcard cert on the server), it didn't display that certificate popup. Unfortunately, using the server-name in the VS publish settings still gave the same error.
虽然我正在抓紧解决问题的方法,但我尝试连接到端口 990 以查看是否可以使用隐式 SSL(有几篇文章提到这是一个选项),但这不起作用 - 我不确定如果该端口被防火墙阻止,或者只是没有服务侦听,但我无法通过端口 990 telnet 到服务器.
While I was grasping at straws for a fix, I tried connecting on port 990 to see if I could use implicit SSL (a few articles mentioned this as an option), but this didn't work - I'm not sure if that port is blocked at the firewall or if there's just no service listening, but I can't telnet to the server on port 990.
我不认为这是 Visual Studio 的限制,因为它以前可以工作.可能是我们的 IT 人员在应用证书的同时进行了一些服务器配置更改?有没有其他人遇到过这个问题,你能解决这个问题吗?
I don't believe this is a limitation of Visual Studio as it was working before. Possibly our IT guys made some server-config changes at the same time as they applied the certificate? Has anyone else encountered this and were you able to resolve the issue?
推荐答案
因此,经过进一步挖掘,我发现了 2018 年 1 月的 Visual Studio 问题单,表明 FTP 发布不支持 TLS 1.2:
So after some further digging, I found a Visual Studio problem ticket from January 2018 that indicates FTP publishing doesn't support TLS 1.2:
从 FileZilla 检查到网络服务器的 FTP 连接,这似乎需要 TLS1.2 连接.因此,我假设在应用新证书时,IT 在服务器上禁用了 TLS1.0 协议,导致 FTP 连接失败.
From checking the FTP connection to the web-server from FileZilla, it appears this requires a TLS1.2 connection. Therefore I assume that when the new certificate was applied, the TLS1.0 protocol was disabled on the server by IT, and that led to the FTP connection failing.
希望如果其他人遇到此问题,他们将受益于 Visual Studio FTP 发布当前不支持 TLS1.2(如版本 15.7.4).
Hopefully if anyone else runs into this issue, they'll benefit from the knowledge that TLS1.2 is not currently supported in Visual Studio FTP publish (as at version 15.7.4).
更新:
可以确认 Visual Studio 2019 (v16.1.1) 确实支持使用 TLS1.2 的 FTPS 发布
Can confirm that Visual Studio 2019 (v16.1.1) does support FTPS publishing using TLS1.2
这篇关于Visual Studio 中的 FTPS 发布失败,导致“远程连接端关闭安全连接".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
