SoapHttpClientProtocol 和 TLS 1.2 - 客户端和服务器无法通信,因为它们没有通用算法 [英] SoapHttpClientProtocol and TLS 1.2 - The client and server cannot communicate, because they do not possess a common algorithm
问题描述
SO 上有很多关于此的帖子,我已经搜索了它们,但仍然没有解决方案.我希望有人能指出我正确的方向.
There are numerous posts on SO about this and I have scoured them, but still don't have a solution. I am hoping that someone can point me in the right direction.
我们现在需要使用 TLS 1.2 连接到远程提供程序.所以我已经安装了 Windows Server 2016 并根据需要进行了配置:
We have a requirement now to use TLS 1.2 to connect to a remote provider. So I have installed Windows Server 2016 and configured it as needed:
我知道远程服务器正在运行 TLS 1.2 并且它支持突出显示的密码.
I know the remote server is running TLS 1.2 and that it supports the highlighted cipher.
我们使用由提供者提供的 WSDL 生成的 C# 代理类连接到远程端点 - 在他们将其端转换为 TLS (System.Web.Services.Protocols.SoapHttpClientProtocol) 之前.
We connect to the remote end point using C# proxy class generated by the WSDL provided by the provider - before they converted their end to TLS (System.Web.Services.Protocols.SoapHttpClientProtocol).
当我使用代理连接时,我收到一个异常,内部异常是客户端和服务器无法通信,因为它们没有通用算法".
When I connect using the proxy I get an exception with the inner exception being "The client and server cannot communicate, because they do not possess a common algorithm".
我看不到 ServicePointManager.SecurityProtocol 的任何地方,所以我假设 .NET 正在选择 TLS 1.2,因为它是唯一启用的协议?不知道它是如何加密的.
I cannot see anywhere that ServicePointManager.SecurityProtocol so I am assuming .NET is picking up TLS 1.2 as it is the only enabled protocol? No idea how it is doing the cipher.
有人能告诉我我是如何尝试解决这个问题的吗?如果可能,我不想重新生成 WSDL 代理类.
Can someone tell me how I go about attempting to fix this? If possible I don't want to regenerate the WSDL proxy class.
推荐答案
如果您的客户端应用程序是针对 .NET Framework 4.5.2 或更低版本编译的,则默认情况下 ServicePointManager.SecurityProtocol 被初始化为 SecurityProtocolType.Ssl3 |SecurityProtocolType.Tls(仅限 SSL 3.0 和 TLS 1.0),因此无法连接到需要 TLS 1.2 的远程服务器.
If your client application was compiled against .NET Framework 4.5.2 or lower, then by default ServicePointManager.SecurityProtocol is initialized to SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls (SSL 3.0 and TLS 1.0 only), so it won't be able to connect to a remote server that requires TLS 1.2.
有几种方法可以让您的客户端应用程序使用 TLS 1.2:
There are several ways to allow your client application to use TLS 1.2:
- 针对 .NET Framework 4.6 或更高版本重新编译您的客户端应用程序.(在 Visual Studio 中,打开项目的属性页,转到应用程序"选项卡,然后更改目标框架.)
- 在客户端机器上,运行RegEdit.exe,进入
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319,添加一个DWORD(32位)名为SchUseStrongCrypto的值,并将其设置为 1.(此标志导致ServicePointManager.SecurityProtocol被初始化为Tls | Tls11 | Tls12.) - 当您的客户端应用程序启动时,打开 TLS 1.2:
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
- Recompile your client application against .NET Framework 4.6 or later. (In Visual Studio, open your project's property pages, go to the Application tab, and change the Target Framework.)
- On the client machine, run RegEdit.exe, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319, add a DWORD (32-bit) value namedSchUseStrongCrypto, and set it to 1. (This flag causesServicePointManager.SecurityProtocolto be initialized toTls | Tls11 | Tls12.) - When your client application starts up, turn on TLS 1.2:
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
无需重新生成您的代理类,因为它不负责协商 TLS 协议或密码.
There's no need to regenerate your proxy class because it's not responsible for negotiating the TLS protocol or cipher.
这篇关于SoapHttpClientProtocol 和 TLS 1.2 - 客户端和服务器无法通信,因为它们没有通用算法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
