如何在 ASP.NET 2.0 应用程序中为 API 调用启用 TLS 1.2? [英] How to enable TLS 1.2 for API call in ASP.NET 2.0 application?
问题描述
我们的 ASP.NET 2.0 网站通过调用 Authorize.Net 的 API 来处理信用卡交易.Authorize 已通知我们,在某个要宣布的日期,我们的客户必须使用 TLS 1.2 协议进行 API 调用.
Our ASP.NET 2.0 website processes credit card transactions via calls to Authorize.Net's API. Authorize has informed us that on a date certain, to be announced, our client must utilize TLS 1.2 protocol for API calls.
微软似乎在这篇 10-22-16 KB 的文章中指出了一个解决方案:https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-.net-framework-2.0-sp2-on-windows-vista-sp2-and-server-2008-sp2
Microsoft seemed to indicate that a solution is available in this 10-22-16 KB article: https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-.net-framework-2.0-sp2-on-windows-vista-sp2-and-server-2008-sp2
...我们添加了 SslProtocolsExtensions 枚举,您可以用作设置 TLS v1.2、TLS v1.1 以及操作的选项ServicePointManager.SecurityProtocol 属性的系统默认值面向 .NET Framework 2.0 SP2 版.
...we have added the SslProtocolsExtensions enumeration that you can use as an option for setting TLS v1.2, TLS v1.1, as well as operating system defaults for the ServicePointManager.SecurityProtocol property when targeting .NET framework version 2.0 SP2.
请注意,尽管本文标题如此,但上面的引用并非指的是 Windows Vista SP2 或 Windows 2008 SP2 操作系统,因为这些操作系统不支持 TLS v1.1 和1.2.
Please note that, despite the title of this article, the quote above does not refer to Windows Vista SP2 or Windows 2008 SP2 operating systems, since those operating systems do not support TLS v1.1 and 1.2.
我已通过以下步骤实施并测试了我对知识库文章中指出的解决方案的理解:
I have implemented and tested my understanding of the solution indicated in the KB article by taking the following steps:
- 在我们的 Windows Server 2008 R2 网络服务器上启用了 TLS 1.2(并通过 ssllabs.com 确认).
- 确认 SP2 实际上是为 .NET Framework 2.0 版安装的.
- 将引用的知识库文章中显示的两个源文件添加到我们的项目中(即 SecurityProtocolTypeExtensions.cs 和 SslProtocolsExtensions.cs)
- 在 API 调用正上方的项目中输入以下代码行(来自知识库文章):System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls12;
不幸的是,在运行应用程序时,我在上面第 3 项中显示的代码行中遇到以下错误:
Unfortunately, when running the application, I encounter the following error on the line of code shown in item #3 above:
System.NotSupportedException: 请求的安全协议不是支持.
System.NotSupportedException: The requested security protocol is not supported.
在这一点上,我被难住了.我特别感谢有关如何推进此解决方案的任何见解,但我有兴趣了解您知道的任何其他方法,以允许来自 ASP.NET 2.0 应用程序的 API 调用以利用 TLS 1.2.(升级到更新版本的 .NET 框架是最后的手段.)
At this point, I am stumped. I'd especially appreciate any insights on how to move forward with this solution, but am interested in learning about any other approaches that you're aware of to allow an API call from an ASP.NET 2.0 application to utilize TLS 1.2. (Upgrading to a more recent version of the .NET framework is a last resort.)
预先感谢您的帮助!
推荐答案
我们不得不使用 .NET 2.0 应用程序迁移到 TLS 1.2,我们不想将代码移植到 .NET 4.5/4.6.经过几天的研究和看到这篇文章后,我们找到了解决方案.这篇文章引用了错误的 HOTFIX.要在 Server 2008 R2 上为 .NET 2.0 使用 TLS 1.2,您需要此 HOTFIX:https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-包含在 .net 框架中
We had to migrate to TLS 1.2 with our .NET 2.0 app and we didn't want to port the code to .NET 4.5/4.6. After a few days of research and after coming across this post we found the solution. This post references the wrong HOTFIX. To get TLS 1.2 working for .NET 2.0 on Server 2008 R2 you need this HOTFIX: https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-.net-framework
它引用了 3.5.1 框架,但也适用于 2.0 框架.安装修补程序后,您可以按照指示在服务器上更改注册表,也可以在您的应用中更改代码以直接引用 TLS 1.2.
It references 3.5.1 framework but ALSO works for 2.0 framework. Once the hotfix is installed you can either make registry changes on the server as indicated OR make code changes in your app to reference TLS 1.2 directly.
C#ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
C# ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
VBServicePointManager.SecurityProtocol = DirectCast(3072,System.Net.SecurityProtocolType)
VB ServicePointManager.SecurityProtocol = DirectCast(3072,System.Net.SecurityProtocolType)
对于其他操作系统,请在此处查看 Troy Starr 的帖子:https://community.qualys.com/thread/16917-net-framework
For other OS's check out Troy Starr's post here: https://community.qualys.com/thread/16917-net-framework
希望能帮到你
这篇关于如何在 ASP.NET 2.0 应用程序中为 API 调用启用 TLS 1.2?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
