客户端和服务器无法通信，因为它们不具有通用算法-ASP.NET C＃IIS TLS 1.0 / 1.1 / 1.2-Win32Exception [英] The client and server cannot communicate, because they do not possess a common algorithm - ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 - Win32Exception

问题描述

我在使用C＃PayTrace网关时遇到问题。直到昨天我相信由于Poodle Exploit而关闭了SSL3，下面的代码才能正常工作。当运行下面的代码时，我们收到以下消息。远程服务器已强制关闭连接。在对该问题进行了一些研究之后，我们确定由于IIS Server 7.5配置为仍使用SSL3，因此C＃默认为SSL3，PayTrace会强行关闭该连接。然后，我们从服务器上删除了SSL3。然后导致以下错误：

I have an issue with a C# PayTrace Gateway. The below code was working fine until yesterday when I believe they turned off SSL3 due to the Poodle Exploit. When running the code below we got the following message. The remote server has forcefully closed the connection. After doing some research on the problem we determined that because our IIS Server 7.5 was configured to still use SSL3, C# defaulted to SSL3, which PayTrace would forcibly close the connection. We then removed SSL3 from the server. Which then lead to the following error:

客户端和服务器无法通信，因为它们不具有通用算法。

我的猜测是，既然删除了SSL 3，我们还需要在服务器上安装其他SSL算法。我们的IT员工声称TLS 1.1和TLS 1.2可以正常工作，并且ASP.NET现在应该默认使用它们。但是我觉得仍然需要在服务器上安装其他东西，因为我不了解SSL算法，所以不知道从哪里开始。

My guess is that there are additional SSL algorithm we need to install on the server now that SSL 3 is removed. Our IT staff claims that TLS 1.1 and TLS 1.2 are working and that ASP.NET should be now defaulting to those. But I feel like there still must be something else we need to install on the server, I have no knowledge of SSL Algorithms so I have no idea where to begin.

var postUrl = new StringBuilder();

//Initialize url with configuration and parameter values...
postUrl.AppendFormat("UN~{0}|", this.MerchantLoginID);
postUrl.AppendFormat("PSWD~{0}|", this.MerchantTransactionKey);
postUrl.Append("TERMS~Y|METHOD~ProcessTranx|TRANXTYPE~Sale|"); 
postUrl.AppendFormat("CC~{0}|", cardNumber);
postUrl.AppendFormat("EXPMNTH~{0}|", expirationMonth.PadLeft(2, '0'));
postUrl.AppendFormat("EXPYR~{0}|", expirationYear);
postUrl.AppendFormat("AMOUNT~{0}|", transactionAmount);
postUrl.AppendFormat("BADDRESS~{0}|", this.AddressLine1);
postUrl.AppendFormat("BADDRESS2~{0}|", this.AddressLine2);
postUrl.AppendFormat("BCITY~{0}|", this.City);
postUrl.AppendFormat("BSTATE~{0}|", this.State);
postUrl.AppendFormat("BZIP~{0}|", this.Zip);
postUrl.AppendFormat("SADDRESS~{0}|", this.AddressLine1);
postUrl.AppendFormat("SADDRESS2~{0}|", this.AddressLine2);
postUrl.AppendFormat("SCITY~{0}|", this.City);
postUrl.AppendFormat("SSTATE~{0}|", this.State);
postUrl.AppendFormat("SZIP~{0}|", this.Zip);
if (!String.IsNullOrEmpty(this.Country))
{
    postUrl.AppendFormat("BCOUNTRY~{0}|", this.Country);
}
if (!String.IsNullOrEmpty(this.Description))
{
    postUrl.AppendFormat("DESCRIPTION~{0}|", this.Description);
}
if (!String.IsNullOrEmpty(this.InvoiceNumber))
{
    postUrl.AppendFormat("INVOICE~{0}|", this.InvoiceNumber);
}
if (this.IsTestMode)
{
    postUrl.AppendFormat("TEST~Y|");
}

//postUrl.Append();

WebClient wClient = new WebClient();
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
String sRequest = "PARMLIST=" + Url.Encode(postUrl.ToString());
wClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
string sResponse = "";
sResponse = wClient.UploadString(PayTraceUrl, sRequest);

此外，仅供参考，当我们连接到First Data E4网关时，也会发生此问题不只是PayTrace的事情。我的猜测是，随着越来越多的网关关闭对SSL3的访问，我们将继续在其他网关上遇到问题，直到可以在服务器上解决该问题为止。另外，我确实在网上找到了一些建议，其中一些建议在发出出站请求之前就将以下代码放置：

Also, just an FYI, this issue is also happening when we connect to First Data E4 gateway so it's not just a PayTrace thing. My guess is that as more gateways turn off access to SSL3 we'll continue to run into issues with other gateways until this can be resolved on the server. Also, I did find a few suggestions online, some suggested placing the following code right before making the outbound request:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

不幸的是，这也不起作用，同样的错误。这就是为什么我认为需要在IIS7.5服务器上安装其他东西的原因。我只是不确定。

Unfortunately that did not work either, same error. Which is why I'm thinking something additional needs to be installed on the IIS7.5 server. I'm just not sure what.

推荐答案

现在还有其他几篇文章，它们都指向启用TLS 1.2。

There are several other posts about this now and they all point to enabling TLS 1.2. Anything less is unsafe.

您可以在.NET 3.5中使用补丁进行此操作。

您可以在.NET 4.0和4.5中通过以下操作进行操作：一行代码

You can do this in .NET 3.5 with a patch.
You can do this in .NET 4.0 and 4.5 with a single line of code

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; // .NET 4.5
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // .NET 4.0

在.NET 4.6中，它会自动使用TLS 1.2。

In .NET 4.6, it automatically uses TLS 1.2.

有关更多详细信息，请参见此处：
。NET对TLS的支持

See here for more details: .NET support for TLS

这篇关于客户端和服务器无法通信，因为它们不具有通用算法-ASP.NET C＃IIS TLS 1.0 / 1.1 / 1.2-Win32Exception的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！