如何在ASP.NET 2.0应用程序中为API调用启用TLS 1.2? [英] How to enable TLS 1.2 for API call in ASP.NET 2.0 application?
问题描述
我们的ASP.NET 2.0网站通过调用Authorize.Net的API处理信用卡交易.授权已通知我们,在确定的某个日期,我们的客户必须必须使用TLS 1.2协议进行API调用.
Our ASP.NET 2.0 website processes credit card transactions via calls to Authorize.Net's API. Authorize has informed us that on a date certain, to be announced, our client must utilize TLS 1.2 protocol for API calls.
Microsoft似乎指示此10-22-16 KB文章中提供了一种解决方案:
Microsoft seemed to indicate that a solution is available in this 10-22-16 KB article: https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-.net-framework-2.0-sp2-on-windows-vista-sp2-and-server-2008-sp2
...我们添加了SslProtocolsExtensions枚举,您可以 用作设置TLS v1.2,TLS v1.1以及操作的选项 ServicePointManager.SecurityProtocol属性的系统默认值 定位 .NET Framework 2.0 SP2版时.
...we have added the SslProtocolsExtensions enumeration that you can use as an option for setting TLS v1.2, TLS v1.1, as well as operating system defaults for the ServicePointManager.SecurityProtocol property when targeting .NET framework version 2.0 SP2.
请注意,尽管有本文的标题,但上面的引用不是是指Windows Vista SP2或Windows 2008 SP2操作系统,因为这些操作系统不支持TLS v1.1和1.2.
Please note that, despite the title of this article, the quote above does not refer to Windows Vista SP2 or Windows 2008 SP2 operating systems, since those operating systems do not support TLS v1.1 and 1.2.
通过执行以下步骤,我已经实现并测试了对知识库文章中指示的解决方案的理解:
I have implemented and tested my understanding of the solution indicated in the KB article by taking the following steps:
- 在Windows Server 2008 R2 Web服务器上启用了TLS 1.2(并通过ssllabs.com进行了确认).
- 确认确实为.NET Framework 2.0版安装了SP2.
- 将引用的知识库文章中显示的两个源文件添加到我们的项目中(即SecurityProtocolTypeExtensions.cs和SslProtocolsExtensions.cs)
- 在API调用上方的项目中输入以下代码行(来自KB文章):System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls12;
不幸的是,在运行应用程序时,我在上面第3项所示的代码行中遇到以下错误:
Unfortunately, when running the application, I encounter the following error on the line of code shown in item #3 above:
System.NotSupportedException:请求的安全协议不是 支持.
System.NotSupportedException: The requested security protocol is not supported.
在这一点上,我很沮丧.我特别感谢您对如何继续使用此解决方案的任何见解,但对了解您知道允许ASP.NET 2.0应用程序的API调用使用TLS 1.2的任何其他方法感兴趣. (升级到.NET框架的最新版本是不得已的选择.)
At this point, I am stumped. I'd especially appreciate any insights on how to move forward with this solution, but am interested in learning about any other approaches that you're aware of to allow an API call from an ASP.NET 2.0 application to utilize TLS 1.2. (Upgrading to a more recent version of the .NET framework is a last resort.)
提前感谢您的帮助!
推荐答案
我们不得不使用.NET 2.0应用程序迁移到TLS 1.2,并且我们不想将代码移植到.NET 4.5/4.6.经过几天的研究,并且在阅读了这篇文章之后,我们找到了解决方案.这篇文章引用了错误的HOTFIX.要使TLS 1.2在Server 2008 R2上适用于.NET 2.0,您需要此HOTFIX:
We had to migrate to TLS 1.2 with our .NET 2.0 app and we didn't want to port the code to .NET 4.5/4.6. After a few days of research and after coming across this post we found the solution. This post references the wrong HOTFIX. To get TLS 1.2 working for .NET 2.0 on Server 2008 R2 you need this HOTFIX: https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-.net-framework
它引用了3.5.1框架,但ALSO适用于2.0框架.安装此修复程序后,您可以按照指示在服务器上进行注册表更改,也可以在应用程序中进行代码更改以直接引用TLS 1.2.
It references 3.5.1 framework but ALSO works for 2.0 framework. Once the hotfix is installed you can either make registry changes on the server as indicated OR make code changes in your app to reference TLS 1.2 directly.
C# ServicePointManager.SecurityProtocol =(SecurityProtocolType)3072;
C# ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
VB ServicePointManager.SecurityProtocol = DirectCast(3072,System.Net.SecurityProtocolType)
VB ServicePointManager.SecurityProtocol = DirectCast(3072,System.Net.SecurityProtocolType)
对于其他操作系统,请在此处查看Troy Starr的帖子: https://community.qualys.com/thread/16917-net-framework
For other OS's check out Troy Starr's post here: https://community.qualys.com/thread/16917-net-framework
希望这会有所帮助
这篇关于如何在ASP.NET 2.0应用程序中为API调用启用TLS 1.2?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
