TLS 1.2 not negotiated in .NET 4.7 without explicit ServicePointManager.SecurityProtocol call


Problem description

I need to upgrade a .NET application to support a call to an API on a website that only supports TLS 1.2. From what I read, if the application is targeting 4.6 or higher then it will use TLS 1.2 by default.

To test I created a Windows Forms app that targets 4.7. Unfortunately it errors when I don't explicitly set ServicePointManager.SecurityProtocol. Here is the code:

HttpClient _client = new HttpClient();

var msg = new StringBuilder();

// If I uncomment the next line it works, but fails even with 4.7
// ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

var httpWebRequest = (HttpWebRequest)WebRequest.Create("https://sandbox.authorize.net");

httpWebRequest.KeepAlive = false;

try
{
    var httpWebResponse = (HttpWebResponse) httpWebRequest.GetResponse();

    msg.AppendLine("The HTTP request Headers for the first request are: ");

    foreach (var header in httpWebRequest.Headers)
    {
        msg.AppendLine(header.ToString());
    }

    ResponseTextBox.Text = msg.ToString();

}
catch (Exception exception)
{
   ResponseTextBox.Text = exception.Message;

   if (exception.InnerException != null)
   {
       ResponseTextBox.Text += Environment.NewLine + @"  ->" + exception.InnerException.Message;

       if (exception.InnerException.InnerException != null)
       {
            ResponseTextBox.Text += Environment.NewLine + @"     ->" + exception.InnerException.InnerException.Message;
       }
   }
}

If you uncomment the following line:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

it works. This isn't a good solution since it hard codes what TLS version to use, so it wouldn't use TLS 1.3 in future.

What else do I need to do to get it to work without having this line? I'm testing from a Windows 10 machine with 4.7 installed.

Update

I tried a test with HttpClient and had the same results, I had to explicitly set SecurityProtocol.

Code:

var msg = new StringBuilder();

// Need to uncomment code below for TLS 1.2 to be used
// ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

try
{
    var response = await _client.GetAsync(@"https://sandbox.authorize.net");

    msg.AppendLine("response.IsSuccessStatusCode : " + response.IsSuccessStatusCode);

    msg.AppendLine(await response.Content.ReadAsStringAsync());

    textBox.Text = msg.ToString();
}
catch (Exception exception)
{
    textBox.Text = exception.Message;

    if (exception.InnerException != null)
    {
        textBox.Text += Environment.NewLine + @"  ->" + exception.InnerException.Message;
    }
}


Recommended answer

I've found one solution. It doesn't answer the question about why TLS 1.2 isn't being used by default on Win10 with .NET 4.7, but it does allow me not to have to set ServicePointManager.SecurityProtocol.

The solution that worked from both my 4.5.2 and 4.7 test apps is to add the following to app.config:

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>

Here is the whole app.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7"/>
    </startup>
    <runtime>
      <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>
    </runtime>
</configuration>
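
To compare a build before and after adding the switch, the following console check (an added example, not code from the question or the answer) prints the target framework, any explicit override of the switch, and the effective ServicePointManager.SecurityProtocol, then repeats the question's request. The class and method names are made up for illustration, and it assumes a project targeting .NET Framework 4.6 or later so that AppContext is available.

```csharp
using System;
using System.Net;

// Added diagnostic, not from the original post. Names are illustrative.
static class TlsDefaultsCheck
{
    const string StrongCryptoSwitch = "Switch.System.Net.DontEnableSchUseStrongCrypto";

    // True when the flags value explicitly includes TLS 1.2, or is 0
    // (SystemDefault on 4.7+, where the OS chooses the versions).
    static bool MayOfferTls12(SecurityProtocolType p)
    {
        return (int)p == 0 || (p & SecurityProtocolType.Tls12) != 0;
    }

    static void Main()
    {
        // The framework version the process was built for drives the defaults.
        Console.WriteLine("Target framework: " +
            (AppDomain.CurrentDomain.SetupInformation.TargetFrameworkName ?? "(none recorded)"));

        // TryGetSwitch returns false when no explicit override is visible to AppContext.
        bool dontEnable;
        if (AppContext.TryGetSwitch(StrongCryptoSwitch, out dontEnable))
            Console.WriteLine(StrongCryptoSwitch + " = " + dontEnable);
        else
            Console.WriteLine(StrongCryptoSwitch + ": no explicit override found");

        SecurityProtocolType effective = ServicePointManager.SecurityProtocol;
        Console.WriteLine("ServicePointManager.SecurityProtocol = " + effective +
            " (" + (int)effective + ")");
        Console.WriteLine("TLS 1.2 can be offered: " + MayOfferTls12(effective));

        // Same endpoint as the question, which describes it as TLS 1.2 only.
        try
        {
            var request = (HttpWebRequest)WebRequest.Create("https://sandbox.authorize.net");
            request.KeepAlive = false;
            using (var response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("Request succeeded: " + (int)response.StatusCode);
        }
        catch (WebException ex)
        {
            Console.WriteLine("Request failed: " + ex.Message);
            if (ex.InnerException != null)
                Console.WriteLine("  -> " + ex.InnerException.Message);
        }
    }
}
```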
