如何重现SslStream.AuthenticateAsServer的异常？ [英] How do I reproduce the exception of SslStream.AuthenticateAsServer ?

问题描述

我从服务器收到异常错误。这些错误与SslStream身份验证有关。

我在服务器端实现了代码：

I got the exception error from our server. These errors related to SslStream Authentication.
I implemented the code at our server side:

try
{
    SslProtocols sslProtocol = SslProtocols.Tls;

    m_sslStream.AuthenticateAsServer(serverCertificate,
        false, sslProtocol, true);
}
catch (AuthenticationException e)
{
    m_Log.ErrorFormat("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        m_Log.ErrorFormat("Inner exception: {0}", e.InnerException.Message);
    }
    m_Log.ErrorFormat("Authentication failed - closing the connection from {0}", remoteIPAddress);
    m_sslStream.Close();
    m_sslStream = null;
}

当从50个不同的客户端到我们的服务器有50个连接时，我收到了与SslStream身份验证相关的三个错误。它只发生在3个IP地址但不是全部。所有剩余的其他IP连接成功。



这是我得到的错误：

I got three errors related to SslStream Authentication when there are 50 connections from 50 different clients to our server . It only happened with 3 IP address but not all. All remaining other IP connected successful.

Here is the error I got:

IP 1:
Exception: A call to SSPI failed, see inner exception 
Inner exception: The client and server cannot communicate, because they do not possess a common algorithm
Authentication failed - closing the connection from ...

IP 2:
Exception: A call to SSPI failed, see inner exception
Inner exception: An unknown error occurred while processing the certificate
Authentication failed - closing the connection from ...

IP 3:
Exception: A call to SSPI failed, see inner exception
Inner exception: The token supplied to the function is invalid
Authentication failed - closing the connection from ...

你能帮我解决一下如何重现这些错误吗？或者如何解决这些问题？



欢迎任何想法。



预先感谢您的帮助

Could you please help me how to reproduce these errors? or how to resolve them?

Any ideas welcome.

Thanks in advance for your help

推荐答案

客户端和服务器无法通信，因为它们没有通用的算法



最有可能，对于这三个客户端，它们可能是旧操作系统，它们不能使用服务器上使用的SSL证书所需的加密和/或散列算法。



我不喜欢我认为服务器端有很多工作要做。应升级客户端以支持服务器上使用的算法。

"The client and server cannot communicate, because they do not possess a common algorithm"

Most probably, for these three clients, they may be old OS's which cannot use the cryptographic and/or hashing algorithm required by the SSL certificate used on your server.

I don't think there is much to do server-side. Clients should be upgraded to support the algorithm used on your server.

这篇关于如何重现SslStream.AuthenticateAsServer的异常？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！