客户端和服务器不能通信，因为它们不具有一个共同的算法 [英] The client and server cannot communicate, because they do not possess a common algorithm

问题描述

我有一个C＃PayTrace网关的问题。下面code工作正常直到昨天，当我相信他们关掉SSL3由于贵宾漏洞。当运行code下面我们得到了如下信息。远程服务器有力地关闭了连接。对这个问题做了一些研究之后，我们确定，因为我们的IIS服务器7.5配置为仍然使用SSL3，C＃默认为SSL3，这PayTrace将强行关闭连接。然后，我们从服务器上删除SSL3。然后导致以下错误：

I have an issue with a C# PayTrace Gateway. The below code was working fine until yesterday when I believe they turned off SSL3 due to the Poodle Exploit. When running the code below we got the following message. The remote server has forcefully closed the connection. After doing some research on the problem we determined that because our IIS Server 7.5 was configured to still use SSL3, C# defaulted to SSL3, which PayTrace would forcibly close the connection. We then removed SSL3 from the server. Which then lead to the following error:

客户端和服务器不能通信，因为它们不具备一个共同的算法。

我的猜测是，有我们需要安装服务器现在SSL 3取消了对额外的SSL算法。我们的IT人员声称，TLS 1.1和TLS 1.2都工作，并且ASP.NET现在应该默认为那些。但我觉得仍有一定是别的东西，我们需要安装在服务器上，我没有SSL算法的知识，因此我不知道从哪里开始。

My guess is that there are additional SSL algorithm we need to install on the server now that SSL 3 is removed. Our IT staff claims that TLS 1.1 and TLS 1.2 are working and that ASP.NET should be now defaulting to those. But I feel like there still must be something else we need to install on the server, I have no knowledge of SSL Algorithms so I have no idea where to begin.

var postUrl = new StringBuilder();

//Initialize url with configuration and parameter values...
postUrl.AppendFormat("UN~{0}|", this.MerchantLoginID);
postUrl.AppendFormat("PSWD~{0}|", this.MerchantTransactionKey);
postUrl.Append("TERMS~Y|METHOD~ProcessTranx|TRANXTYPE~Sale|"); 
postUrl.AppendFormat("CC~{0}|", cardNumber);
postUrl.AppendFormat("EXPMNTH~{0}|", expirationMonth.PadLeft(2, '0'));
postUrl.AppendFormat("EXPYR~{0}|", expirationYear);
postUrl.AppendFormat("AMOUNT~{0}|", transactionAmount);
postUrl.AppendFormat("BADDRESS~{0}|", this.AddressLine1);
postUrl.AppendFormat("BADDRESS2~{0}|", this.AddressLine2);
postUrl.AppendFormat("BCITY~{0}|", this.City);
postUrl.AppendFormat("BSTATE~{0}|", this.State);
postUrl.AppendFormat("BZIP~{0}|", this.Zip);
postUrl.AppendFormat("SADDRESS~{0}|", this.AddressLine1);
postUrl.AppendFormat("SADDRESS2~{0}|", this.AddressLine2);
postUrl.AppendFormat("SCITY~{0}|", this.City);
postUrl.AppendFormat("SSTATE~{0}|", this.State);
postUrl.AppendFormat("SZIP~{0}|", this.Zip);
if (!String.IsNullOrEmpty(this.Country))
{
    postUrl.AppendFormat("BCOUNTRY~{0}|", this.Country);
}
if (!String.IsNullOrEmpty(this.Description))
{
    postUrl.AppendFormat("DESCRIPTION~{0}|", this.Description);
}
if (!String.IsNullOrEmpty(this.InvoiceNumber))
{
    postUrl.AppendFormat("INVOICE~{0}|", this.InvoiceNumber);
}
if (this.IsTestMode)
{
    postUrl.AppendFormat("TEST~Y|");
}

//postUrl.Append();

WebClient wClient = new WebClient();
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
String sRequest = "PARMLIST=" + Url.Encode(postUrl.ToString());
wClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
string sResponse = "";
sResponse = wClient.UploadString(PayTraceUrl, sRequest);

此外，只是一个仅供参考，这个问题也是我们连接到第一数据E4网关，以便它不只是一个PayTrace的事情发生。我的猜测是，随着更多的网关关掉访问SSL3我们将继续运行到与其他门户的问题，直到这可以在服务器上得到解决。另外，我在网上也找了一些建议，有些建议让出站请求之前，将下面的code正确的：

Also, just an FYI, this issue is also happening when we connect to First Data E4 gateway so it's not just a PayTrace thing. My guess is that as more gateways turn off access to SSL3 we'll continue to run into issues with other gateways until this can be resolved on the server. Also, I did find a few suggestions online, some suggested placing the following code right before making the outbound request:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

不幸的是没有任何工作，同样的错误。这就是为什么我想更多的东西需要在IIS7.5服务器上安装。我只是不知道是什么。

Unfortunately that did not work either, same error. Which is why I'm thinking something additional needs to be installed on the IIS7.5 server. I'm just not sure what.

推荐答案

这得到解决。事实证明，我们的IT人员是正确的。无论TLS 1.1和TLS 1.2被安装在服务器上。然而，问题是，我们的网站正在运行的ASP.NET 4.0，你必须有ASP.NET 4.5运行TLS 1.1或TLS 1.2。因此，要解决这个问题，我们的IT人员不得不重新启用TLS 1.0，以允许与PayTrace的连接。

This was resolved. It turns out our IT Staff was correct. Both TLS 1.1 and TLS 1.2 were installed on the server. However, the issue was that our sites are running as ASP.NET 4.0 and you have to have ASP.NET 4.5 to run TLS 1.1 or TLS 1.2. So, to resolve the issue, our IT Staff had to reenable TLS 1.0 to allow a connection with PayTrace.

因此​​，在短期，错误消息的客户端和服务器不能通信，因为它们不具备一个共同的算法，因为当时在服务器上没有可用的SSL协议与PayTrace的服务器通信被引起的。

So in short, the error message, "the client and server cannot communicate, because they do not possess a common algorithm", was caused because there was no SSL Protocol available on the server to communicate with PayTrace's servers.

这篇关于客户端和服务器不能通信，因为它们不具有一个共同的算法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！