NET的SslStream始终是谈判,以最不安全的密码我有。我该如何改变呢? [英] .NET's SslStream is always negotiating to the least secure cipher I have. How can I change this?
问题描述
SslStream应该协商的密码类型,密钥长度,散列算法等与其对等的SSL栈。当我在code。使用它,我发现,谈判始终默认为RC4和放大器; MD5。我想用3DES或AES一些增加安全性。
SslStream is supposed to negotiate the cipher type, key length, hash algorithm, etc. with its peer SSL stack. When using it in my code, I find that the negotiation always defaults to RC4 & MD5. I would like to use 3DES or AES for some added security.
网上寻找我发现只有很少提到这个问题,并没有解决各地;一张海报声称这实际上是有道理的,因为这两个协议栈之间的最小公分母是安全的,同时具有速度更快/使用更少的CPU资源的好处。虽然这可能是技术上是正确的,复杂性和成本之间我特别权衡出在其它地方(我preFER使用AES用长键)。
Looking around the web I find only a few references to this problem and no solutions; one poster is claiming this actually makes sense, since the lowest common denominator between the two stacks is secure while has the added benefit of being faster/using less CPU resources. While this may be technically correct, my particular trade-off between complexity and cost lies elsewhere (I prefer to use AES with a long key).
如果有人可以帮助我最好的AP preciate吧。
If anyone can help I'd appreciate it.
推荐答案
您可以选择哪些协议通过一些简单的注册表更改可供选择。我们删除选择RC4,例如能力。你只需要做出的连接(如服务器)的一端的变化,因为在客户端和服务器协商,以找到共同支持的算法
You can select which protocols are available for selection by making some simple registry changes. We remove the ability to select RC4, for example. You only need to make the change at one end of the connection (eg server) because the client and server negotiate to find commonly supported algorithm
http://msdn.microsoft.com/en-us/library/ ms925716.aspx
最良好的祝愿 詹姆斯
这篇关于NET的SslStream始终是谈判,以最不安全的密码我有。我该如何改变呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
