无法使用WebClient.DownloadFile方法从启用了TLS 1.1 / 1.2协议的计算机下载文件 [英] Can't download files from the computer with enabled TLS 1.1/1.2 protocols using WebClient.DownloadFile method
问题描述
我正在尝试使用Webclient.DownloadFile方法通过TLS 1.1 / 1.2协议实现一个简单的控制台应用程序来下载文件。
这是应用程序的代码:
I'm trying to implement a simple console application to download the files using Webclient.DownloadFile method over TLS 1.1/1.2 protocols. This is the code for the application:
var downloadUrl = "https://serverURL.com/sample.mp3";
var filename = "sample.mp3";
var myWebClient = new WebClient();
myWebClient.DownloadFile(downloadUrl, filename);
我每次运行它时都会收到以下错误消息:
Everytime I run it I'm getting the following error message:
Unhandled Exception: System.Net.WebException:
The underlying connection was closed: An unexpected error occurred on a receive. --->
System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possessa common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at System.Net.WebClient.DownloadFile(String address, String fileName)
at web_downloader.Program.Main(String[] args) in c:\Users\user\Documents\Visual Studio 2013\Projects\web_downloader\web_downloader\Program.cs:line 27
我有以下设置:web_downloader应用程序位于 ServerA (Windows Server 2012 R2 / 64bit),在 HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control / SecurityProviders / SCHANNEL / Protocols 下的注册表项中包含以下内容:
I have the following setup: web_downloader application is located on ServerA (Windows Server 2012 R2/64bit), which has the following in the registry key under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols:
PCT 1.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
SSL 2.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
SSL 3.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
TLS 1.0
--Client
----DisabledByDefault=1
----Enabled=0
--Server
----DisabledByDefault=1
----Enabled=0
TLS 1.1
--Client
----DisabledByDefault=0
----Enabled=1
--Server
----DisabledByDefault=0
----Enabled=1
TLS 1.2
--Client
----DisabledByDefault=0
----Enabled=1
--Server
----DisabledByDefault=0
----Enabled=1
存储 sample.mp3 文件的 ServerB 具有以下内容:
And ServerB, which stores sample.mp3 file, has the following:
SSL 2.0
Client
DisabledByDefault=1
TLS 1.1
Client
DisabledByDefault=0
Enabled=1
Server
DisabledByDefault=0
Enabled=1
TLS 1.2
Client
DisabledByDefault=0
Enabled=1
Server
DisabledByDefault=0
Enabled=1
我在 ServerA <上启用TLS 1.0 / strong>我可以从
As soon as I enable TLS 1.0 on ServerA I'm able to download the mp3 file from ServerB (Windows 7/64bit/Net Framework 4.5.1) without any issues.
系统加密:使用符合FIPS标准的算法进行加密,两台计算机上都禁用了哈希和签名策略。
我是否缺少DownloadFile方法的任何配置参数以使用TLS 1.1 / 1.2?
Am I missing any configuration parameters for DownloadFile method to work with TLS 1.1/1.2?
推荐答案
.NET Framework使用自己的设置来确定默认使用的HTTPS版本。有关 ServicePointManager.SecurityProtocol <的信息,请参见 https://stackoverflow.com/a/169396/126229 / code>设置在客户端上设置以确保它尝试协商TLS1.1连接。
The .NET Framework uses its own settings to decide which HTTPS versions to use by default. See https://stackoverflow.com/a/169396/126229 for the ServicePointManager.SecurityProtocol setting to set on the client to ensure that it attempts to negotiate a TLS1.1 connection.
您还可以使用Fiddler观察出站流量(查看 CONNECT 隧道的TextView请求检查器)以获取ClientHello消息的细分。请注意,启用HTTPS解密的运行Fiddler会产生干扰,因为Fiddler本身默认使用SSL3 + TLS1与服务器通信。
You can also watch the outbound traffic with Fiddler (look at the CONNECT Tunnel's TextView Request inspector) for a breakdown of the ClientHello message. Be warned that running Fiddler with HTTPS-decryption enabled will interfere because Fiddler itself defaults to using SSL3+TLS1 to talk to servers.
这篇关于无法使用WebClient.DownloadFile方法从启用了TLS 1.1 / 1.2协议的计算机下载文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
