.NET的SslStream始终与最不安全的密码协商。我该怎么改? [英] .NET's SslStream is always negotiating to the least secure cipher I have. How can I change this?
问题描述
SslStream应该与对等SSL堆栈协商密码类型,密钥长度,散列算法等。在我的代码中使用它时,我发现协商总是默认为RC4& MD5。我想使用3DES或AES来增加一些安全性。
SslStream is supposed to negotiate the cipher type, key length, hash algorithm, etc. with its peer SSL stack. When using it in my code, I find that the negotiation always defaults to RC4 & MD5. I would like to use 3DES or AES for some added security.
环顾四周,我发现只有几个参考这个问题,没有解决方案;一个海报声称这实际上是有意义的,因为两个堆栈之间的最小公分母是安全的,而具有更快/更少的CPU资源的附加益处。虽然这可能在技术上是正确的,但我在复杂性和成本之间的特殊权衡在于其他地方(我更喜欢使用AES加长钥匙)。
Looking around the web I find only a few references to this problem and no solutions; one poster is claiming this actually makes sense, since the lowest common denominator between the two stacks is secure while has the added benefit of being faster/using less CPU resources. While this may be technically correct, my particular trade-off between complexity and cost lies elsewhere (I prefer to use AES with a long key).
如果有人可以帮助我'd欣赏它。
If anyone can help I'd appreciate it.
推荐答案
您可以通过进行一些简单的注册表更改来选择哪些协议可供选择。例如,我们删除选择RC4的能力。您只需要在连接的一端进行更改(例如服务器),因为客户端和服务器协商寻找通常支持的算法
You can select which protocols are available for selection by making some simple registry changes. We remove the ability to select RC4, for example. You only need to make the change at one end of the connection (eg server) because the client and server negotiate to find commonly supported algorithm
http://msdn.microsoft.com/en-us/library/ms925716.aspx
最好的祝福
James
Best wishes James
这篇关于.NET的SslStream始终与最不安全的密码协商。我该怎么改?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
