如何添加对ASP.NET的Htt prequest客户端提供的密码套件? [英] How to add to the cipher suites available to ASP.NET HttpRequest client?
问题描述
在我的ASP.NET网站上Windows 7的机器上运行,它可以连接(编程为客户),以SSL加密服务(服务器)上的另一个Windows 7的机器就好了。
但是,如果我的网站是在生产框(Windows Server 2003中),该服务的窗口日志显示:
的TLS 1.0的连接请求从远程客户端应用程序收到,但没有客户端应用程序支持的密码是由服务器支持。 SSL连接请求已失败。
(服务使用通过makecert.exe创建自签名的证书,但我看不出如何让makecert让更多的密码套件......还是我的2003箱安装的东西......这? http://serverfault.com/questions/166750 因为我不使用CSR)<不为我工作/对>
解决方案是再次生成我的证书,这一次迫使RSA和SHA1(虽然SHA1应该是默认反正)。出于某种原因,赢服务器2K3不能或不会使用默认的makecert证书使用正确的密码。这里是为我工作的命令行:
makecert -r -pe我-ss -sr LOCALMACHINE -nCN = domainnameoripaddressgoeshere.com-e 2098年1月1日-a SHA1 -eku 1.3.6.1.5.5.7.3.1 -sky交流-SP微软RSA SChannel加密提供-sy 12
有关详细信息,请参阅<一个href=\"http://mgowen.com/2013/06/19/cipher-suites-issue/\">http://mgowen.com/2013/06/19/cipher-suites-issue/和<一个href=\"http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx\">http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx
如果有人找到这个的确实的想了解,虽然密码套件,这里的一些东西,我一路走来发现,可以帮助你:
- 您可以使用此修复程序添加两个RSA加密套件到Windows Server 2003: http://support.microsoft.com/kb/ 948963
- 您可以看到密码在注册表编辑器(Windows的注册表编辑器)下的 HKLM \\ SYSTEM支持\\ CURRENTCONTROLSET \\控制\\ SecurityProviders \\ SCHANNEL \\加密算法
- 您可以使用IIS加密(无密码配置应用程序, https://www.nartac.com/Products/IISCrypto/ )来查看和启用/禁用密码(包括以上修补程序的密码)。
When my ASP.NET website is running on a windows 7 box, it can connect (programmatically as a "client") to an SSL-encrypted service ("server") on another windows 7 machine just fine.
But if my website is on the production box (windows server 2003), the service's windows log shows:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
(service is using a self-signed cert created by makecert.exe, but I can't see how to make makecert allow more cipher suites... or do I install something on the 2003 boxes...? This: http://serverfault.com/questions/166750 doesn't work for me because I am not using a CSR)
The solution was to generate my certificate again, this time forcing RSA and SHA1 (though SHA1 should be the default anyway). For some reason Win Server 2k3 couldn't or wouldn't use the right ciphers with a default makecert certificate. Here is the command line that worked for me:
makecert -pe -r -ss my -sr localMachine -n "CN=domainnameoripaddressgoeshere.com" -e 01/01/2098 -a sha1 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
For details see http://mgowen.com/2013/06/19/cipher-suites-issue/ and http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx .
If anyone finding this does want to know about cipher suites though, here's some stuff I found along the way that may help you:
- You can add two RSA cipher suites to windows server 2003 using this hotfix: http://support.microsoft.com/kb/948963
- You can see which ciphers are supported in regedit (windows registry editor) under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
- You can use IIS Crypto (a free cipher config app, https://www.nartac.com/Products/IISCrypto/) to view and enable/disable ciphers (including those hotfix ciphers above).
这篇关于如何添加对ASP.NET的Htt prequest客户端提供的密码套件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
