设置SecurityProtocol(SSL3或TLS)在.NET HttpWebRequest的每个请求 [英] Set the SecurityProtocol (Ssl3 or TLS) on the .net HttpWebRequest per request
问题描述
我的应用程序(.NET 3.5 SP1)使用HttpWebRequest与不同的终端进行通信,有时它通过HTTPS每个托管服务器可能有不同的安全协议要求说TLS或SSL3或任。
My application (.net 3.5 sp1) uses the HttpWebRequest to communicate with different endpoints, sometimes its over HTTPS where each hosting server may have a different security protocol requirement say TLS or SSL3 or either.
一般情况下,服务器发挥不错,并愉快地洽谈/回退到上SecurityProtocol要使用的TLS或SSL3,但有些不和时,.NET设置为TLS或SSL3(默认我认为)那些只支持SSL3服务器导致.NET抛出一个发送错误。
Generally the servers play nice and happily negotiate/fallback on what SecurityProtocol to use TLS or SSL3, but some don't and when .net is set up as TLS or SSL3 (the default I think) those servers that only support SSL3 cause .net to throw a send error.
这是我可以告诉.NET提供了一个属性SecurityProtocol可以设置为TLS,SSL3或两个ServicePointManager对象。当设置为两个的想法。因此理想的是在客户端和服务器之间应该谈判,以使用什么,但作为previously说,似乎没有工作。
From what I can tell .net provides the ServicePointManager object with a property SecurityProtocol which can be set to TLS, SSL3 or both. Hence ideally when set to both the idea is the client and server should negotiate as to what to use, but as previously stated that don't seem to work.
据说你可以设置ServicePointManager.SecurityProtocol = SSL3但对于那些希望使用TLS终点?
Supposedly you could set the ServicePointManager.SecurityProtocol = Ssl3 but what about the endpoints that want to use TLS?
余与ServicePointManager和SecurityProtocol看到的问题是,它的静态和因此应用宽域
The problem I see with the ServicePointManager and the SecurityProtocol is that its static and therefore application domain wide.
所以这个问题..
我将如何去使用HttpWebRequest具有不同SecurityProtocol例如
how would I go about using the HttpWebRequest with a different SecurityProtocol e.g.
1)网址1套使用TLS | SSL3(协商)
1) url 1 set to use TLS | Ssl3 (negotiate)
2)的网址2设置为SSL3(SSL3只)
2) url 2 set to Ssl3 (Ssl3 only)
推荐答案
不幸的是,它没有看起来像你可以为每个服务点进行定义。我建议你的文件在MS连接网站这方面的功能要求。
Unfortunately, it doesnt look like you can customize this per service point. I would suggest that you file a feature request at the MS Connect website for this area.
作为一个肮脏的解决方法,你可以尝试执行需要在一个新的AppDomain不同的安全协议的网站。静态实例是每个AppDomain,所以应该给你你需要的隔离。
As a dirty workaround, you could try executing the sites that require a different security protocol in a new appdomain. Static instances are per appdomain, so that should give you the isolation you need.
这篇关于设置SecurityProtocol(SSL3或TLS)在.NET HttpWebRequest的每个请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
