为什么ServicePointManager.SecurityProtocol的默认值在不同的计算机上不同? [英] Why ServicePointManager.SecurityProtocol default value is different on different machines?
问题描述
目前,我有一个问题,无法找到严格的答案.
Currently I have an issue and can't find strict answer on it.
我有针对4.6.1框架的ASP.NET MVC 5应用程序,其目标是与受TLS 1.1/TLS 1.2协议保护的第三方API一起使用.
I have ASP.NET MVC 5 application targeting 4.6.1 framework and its goal is to work with third party API's that are secured by TLS 1.1/TLS 1.2 protocols.
我尝试在两种环境中运行我的应用程序:
I have tried to run my application on 2 environments:
- 我的本地计算机Windows 10 with .NET 4.6.2 Framework,IIS Express;
- 服务器计算机带有.NET 4.6.1,IIS 8.0的Windows Server 2012;
问题在于,当我在本地启动它时,ServicePointManager.SecurityProtocol默认值设置为Ssl3, Tls,所以我无法定位API,因此必须在应用程序上对其进行编码以使用TLS 1.1/TLS 1.2:
The issue is in that when I start it locally ServicePointManager.SecurityProtocol default value is set to Ssl3, Tls, so I can't target API's and have to code it on application start to use TLS 1.1/TLS 1.2: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12.
当应用程序在服务器上运行时,默认值ServicePointManager.SecurityProtocol设置为Tls, Tls11, Tls12,因此效果很好.
When application runs on server default value ServicePointManager.SecurityProtocol is set to Tls, Tls11, Tls12, so it works well.
根据在.NET Framework 4.6或更高版本上运行的文档应用程序,默认情况下必须使用TLS 1.1/TLS 1.2(在远程计算机上的使用方式).
According to documentation applications run on .NET Framework 4.6 or above versions have to use TLS 1.1/TLS 1.2 by default, how it is on remote machine.
为什么ServicePointManager.SecurityProtocol的默认值不同?是因为.NET Framework配置吗?也许注册表设置?我已经搜索过了,但是找不到答案.
Why the default values of ServicePointManager.SecurityProtocol are different? Is it because .NET Framework configuration? Or maybe registry settings? I have searched through it but couldn't find an answer.
推荐答案
请注意,故意没有为此属性列出默认值.安全格局不断变化,默认协议和保护级别会随着时间而变化,以避免已知的漏洞.默认值会因单个计算机的配置,安装的软件以及已应用的修补程序而异.
Note that no default value is listed for this property, on purpose. The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. Defaults will vary depending on individual machine configuration, and on which software is installed, and on which patches have been applied. MSDN博客: Windows上对SSL/TLS协议的支持: 在Windows上,对SSL/TLS协议的支持与SCHANNEL组件绑定在一起.因此,如果特定的操作系统版本不支持SSL/TLS版本,则表示该版本仍不受支持. On Windows the support for SSL/TLS protocols is tied to the SCHANNEL component. So, if a specific OS version doesn’t support a SSL/TLS version, this means it remains unsupported. MSDN:密码套件TLS/SSL(Schannel SSP) 不同的Windows版本支持不同的TLS密码套件和优先级顺序.请参阅相应的Windows版本,以获取Microsoft Schannel Provider选择它们的默认顺序. Different Windows versions support different TLS cipher suites and priority order. See the corresponding Windows version for the default order in which they are chosen by the Microsoft Schannel Provider. 换句话说:这取决于您的Windows版本及其补丁程序级别. In other words: this is determined by your Windows version and its patch level. 但是就像@Damien所说的那样,为什么还要打扰默认级别? But like @Damien said, why would you bother what the default level is? 这篇关于为什么ServicePointManager.SecurityProtocol的默认值在不同的计算机上不同?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
