Visual Studio 2015 - 无法登录,在公司代理后面使用 NuGet 等 [英] Visual Studio 2015 - Can't sign in, Use NuGet, etc. behind corporate proxy
问题描述
我支持需要身份验证的公司代理服务器.使用 Visual Studio 2015,我无法登录、使用 NuGet、浏览扩展等 - 所有需要通过代理访问 Internet 的事情.这在以前版本的 Visual Studio 中不是问题.
I'm behind a corporate proxy server that requires authentication. Using Visual Studio 2015, I am not able to sign in, use NuGet, browse Extensions, etc. - all things that would require going through the proxy to access the Internet. This isn't a problem in previous versions of Visual Studio.
如果我运行充当中间代理的 Fiddler,并将向公司代理进行身份验证,那么一切正常.或者,如果我在公共互联网上使用我的笔记本电脑(不在公司代理后面),一切正常.
If I run Fiddler, which acts as an intermediary proxy, and will authenticate to the corporate proxy, then everything works. Or, if I get my laptop on public Internet (not behind the corporate proxy), everything works.
我尝试按照建议修改 C:Program Files (x86)Microsoft Visual Studio 14.0Common7IDEdevenv.exe.config 这里.我试过了
I've tried modifying C:Program Files (x86)Microsoft Visual Studio 14.0Common7IDEdevenv.exe.config as suggested here. I've tried
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy bypassonlocal="True" proxyaddress="http://<yourproxy:port#>"/>
</defaultProxy>
和
<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy usesystemdefault="true"/>
</defaultProxy>
...但无济于事.还有其他人遇到过这个问题吗?
...but to no avail. Anyone else run into this issue?
更新: 正如 Dimitri 所述,NuGet 现在可以正常工作.唯一仍然不起作用的是登录屏幕和开始"页面上的精选视频"提要.我一直在与我们的 Microsoft 客户代表联系,我正在向 Microsoft 发送内存转储,以便他们进一步排除故障.
UPDATE: As Dimitri stated below, NuGet now works correctly. The only thing that still doesn't work is the sign-in screen and the "Featured Videos" feed on the Start page. I've been in contact with our Microsoft account rep, and I'm sending a memory dump to Microsoft for them to troubleshoot further.
更新: NuGet 再次停止工作.我们已经确定 Fiddler 使其工作的原因是因为 Fiddler 强制使用 TLS 1.0连接.主要问题是我们的公司代理 BlueCoat 不允许 TLS 1.2 连接,并且 Visual Studio 不能像 IE/Chrome 那样优雅地回退到 TLS 1.1 或 1.0.有了这些信息,我将前往我们的网络/安全团队尝试到达某个地方.
UPDATE: NuGet stopped working again. We've determined that the reason that Fiddler makes it work is because Fiddler forces TLS 1.0 connections. The main issue is that our corporate proxy, BlueCoat, is not allowing TLS 1.2 connections, and Visual Studio must not gracefully fallback to TLS 1.1 or 1.0 like IE/Chrome does. Armed with this info, I'm going to our network/security team to attempt to get somewhere.
推荐答案
.Net 4.6(和 Visual Studio 2015)对于 System.Net.ServicePointManager.SecurityProtocol 的默认设置与之前版本不同框架.除了 TLS 1.0 之外,默认值现在还包括 TLS 1.2 和 TLS 1.1.这就是为什么在早期版本的 Visual Studio 中这从来都不是问题.
.Net 4.6 (and Visual Studio 2015) has a different default for System.Net.ServicePointManager.SecurityProtocol than prior versions of the framework. The default now includes TLS 1.2 and TLS 1.1, in addition to TLS 1.0. That's why this was never an issue in earlier versions of Visual Studio.
在我们的案例中,问题归结为我们的企业 BlueCoat 代理不支持 TLS 1.2 ECDHE-ECDSA 密码.长期解决方案是将 BlueCoat 更新到支持这种新密码的版本.但就短期而言,我们能够指定 Windows 尝试使用不同密码套件的顺序,因此它使用 BlueCoat 理解的密码.
In our case, the issue came down to our corporate BlueCoat proxy not supporting the TLS 1.2 ECDHE-ECDSA ciphers. The long-term solution is to update BlueCoat to a version that supports this new cipher. But for the short term, we were able to specify the order that Windows attempts to use different cipher suites, so it uses a cipher that BlueCoat understands.
- 打开本地组策略编辑器 (gpedit.msc)
- 展开计算机配置 -> 管理模板 -> 网络 -> SSL 配置设置.
- 打开 SSL 密码套件顺序设置.
- 将设置设为已启用,然后将 SSL 密码套件顺序设为:
<代码> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256、TLS_DHE_DSS_WITH_AES_256_CBC_SHA、TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA、TLS_RSA_WITH_RC4_128_MD5、SSL_CK_RC4_1258
(确保复制粘贴后列表中没有空格)
(make sure there are no spaces in the list after you copy-and-paste it)
- 点击确定",然后重新启动您的计算机.
与默认值相比,唯一的变化是将 TLS_ECDHE_RSA_WITH_AES_CBC_SHA_P256 移到开头,以便 TLS 1.2 不会首先协商更高强度的 ECDSA 密码.如果您遇到类似问题,您可能需要与您的网络/安全团队合作,以确定您需要优先考虑哪些密码.
The only change from default is to move TLS_ECDHE_RSA_WITH_AES_CBC_SHA_P256 to the beginning so that higher strength ECDSA ciphers are not negotiated first for TLS 1.2. If you're having a similar problem, you may need to work with your network/security team to determine what ciphers you need to give preference to.
这篇关于Visual Studio 2015 - 无法登录,在公司代理后面使用 NuGet 等的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
