
TLS/SSL fails on an IIS-hosted application

Stack Overflow user
Asked on 2022-03-24 14:14:24
Answers: 1, Views: 392, Followers: 0, Votes: 0

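I know this is a topic that has been asked about many times, but none of the answers already given has helped me.

I have an Asp.NET Web API on IIS 4.7.2; from one of its controllers an HTTP request is made, and it fails every time when hosted on IIS but not when debugging.

On the Windows Server 2008 that hosts IIS:

  • TLS 1.2 is turned on in the registry.
  • Strong crypto is turned on in the registry.
  • The target URL's certificate is in the trusted store.

Here is how the client is created: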

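    // Handler with automatic decompression of gzip/deflate responses.
    _clientHandler = new WebRequestHandler() { AutomaticDecompression = System.Net.DecompressionMethods.Deflate | System.Net.DecompressionMethods.GZip };
    // This callback returns true for every certificate, so server certificate validation is disabled.
    _clientHandler.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
    // Bypass any proxy.
    _clientHandler.Proxy = null;
    _clientHandler.UseProxy = false;

    _client = new HttpClient(_clientHandler);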

Here is the request message:

    using (var message = new HttpRequestMessage(HttpMethod.Post, url))
    {
        message.Headers.TryAddWithoutValidation("Content-Type", "application/x-www-form-urlencoded");

        using (var content = CreateUrlContent(request))
        {
            message.Content = content;

            using (var response = await _client.SendAsync(message, HttpCompletionOption.ResponseHeadersRead))
            {
                return await Deserialize<Models.Token.AccessTokenResponse>(response);
            }
        }
    }

Here is the exception that is now returned:

    {
        "Type": "System.Net.Http.HttpRequestException",
        "Message": "An error occurred while sending the request.",
        "Data": {},
        "InnerException": {
            "Type": "System.Net.WebException",
            "Status": "SecureChannelFailure",
            "Message": "The request was aborted: Could not create SSL\/TLS secure channel.",
            "Data": {},
            "TargetSite": "System.IO.Stream EndGetRequestStream(System.IAsyncResult, System.Net.TransportContext ByRef)",
            "StackTrace": "   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)\r\n   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)",
            "Source": "System",
            "HResult": -2146233079
        },

Below is the trace of the failure (I have renamed the real URL/IP and removed the secret key):

    System.Net Information: 0 : [7608] Current OS installation type is 'Server'.
    System.Net Verbose: 0 : [5424] Entering HttpWebRequest#45858001::HttpWebRequest(https://secret.Url.To.Hide.Com/token#1252827567)
    System.Net Information: 0 : [5424] RAS supported: True
    System.Net Verbose: 0 : [5424] Exiting HttpWebRequest#45858001::HttpWebRequest() 
    System.Net Verbose: 0 : [5424] Entering HttpWebRequest#45858001::HttpWebRequest(uri: 'https://secret.Url.To.Hide.Com/token', connectionGroupName: '42319532')
    System.Net Verbose: 0 : [5424] Exiting HttpWebRequest#45858001::HttpWebRequest() 
    System.Net Verbose: 0 : [5424] Entering ServicePoint#54863560::ServicePoint(secret.Url.To.Hide.Com:443)
    System.Net Information: 0 : [5424] Associating HttpWebRequest#45858001 with ServicePoint#54863560
    System.Net Verbose: 0 : [6548] Entering HttpWebRequest#45858001::BeginGetRequestStream()
    System.Net Information: 0 : [6548] Associating Connection#7412602 with HttpWebRequest#45858001
    System.Net.Sockets Verbose: 0 : [6548] Entering Socket#63549928::Socket(AddressFamily#2)
    System.Net.Sockets Verbose: 0 : [6548] Exiting Socket#63549928::Socket() 
    System.Net.Sockets Verbose: 0 : [6548] Entering Socket#47270543::Socket(AddressFamily#23)
    System.Net.Sockets Verbose: 0 : [6548] Exiting Socket#47270543::Socket() 
    System.Net.Sockets Verbose: 0 : [6548] Entering DNS::TryInternalResolve(secret.Url.To.Hide.Com)
    System.Net.Sockets Verbose: 0 : [6548] Entering Socket#63549928::BeginConnectEx()
    System.Net.Sockets Verbose: 0 : [6548] Entering Socket#63549928::InternalBind(0.0.0.0:0#0)
    System.Net.Sockets Verbose: 0 : [6548] Exiting Socket#63549928::InternalBind() 
    System.Net.Sockets Verbose: 0 : [6548] Exiting Socket#63549928::BeginConnectEx()    -> ConnectOverlappedAsyncResult#3708755
    System.Net Verbose: 0 : [6548] Exiting HttpWebRequest#45858001::BeginGetRequestStream()     -> ContextAwareResult#31973720
    System.Net.Sockets Verbose: 0 : [3268] Entering Socket#63549928::EndConnect(ConnectOverlappedAsyncResult#3708755)
    System.Net.Sockets Verbose: 0 : [3268] Entering Socket#63549928::InternalEndConnect(ConnectOverlappedAsyncResult#3708755)
    System.Net.Sockets Information: 0 : [3268] Socket#63549928 - Created connection from 10.3.18.21:49787 to 193.86.xx.xxx:443.
    System.Net.Sockets Verbose: 0 : [3268] Exiting Socket#63549928::InternalEndConnect() 
    System.Net.Sockets Verbose: 0 : [3268] Exiting Socket#63549928::EndConnect() 
    System.Net.Sockets Verbose: 0 : [3268] Entering Socket#47270543::Close()
    System.Net.Sockets Verbose: 0 : [3268] Entering Socket#47270543::Dispose()
    System.Net.Sockets Verbose: 0 : [3268] Exiting Socket#47270543::Close() 
    System.Net Information: 0 : [3268] Connection#7412602 - Created connection from 10.3.18.21:49787 to 193.86.xx.xxx:443.
    System.Net Information: 0 : [3268] TlsStream#19483210::.ctor(host=secret.Url.To.Hide.Com, #certs=0, checkCertificateRevocationList=False, sslProtocols=None)
    System.Net Information: 0 : [3268] Associating HttpWebRequest#45858001 with ConnectStream#23811154
    System.Net Information: 0 : [3268] HttpWebRequest#45858001 - Request: POST /token HTTP/1.1
    
    System.Net Information: 0 : [3268] ConnectStream#23811154 - Sending headers
    {
    Authorization: Basic YOU DO NOT NEED TO SEE SECRET KEY HERE
    Content-Type: application/x-www-form-urlencoded
    Host: secret.Url.To.Hide.Com
    Content-Length: 289
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    }.
    System.Net Information: 0 : [3268] SecureChannel#21312719::.ctor(hostname=secret.Url.To.Hide.Com, #clientCertificates=0, encryptionPolicy=RequireEncryption)
    System.Net Information: 0 : [3268] Enumerating security packages:
    System.Net Information: 0 : [3268]     Negotiate
    System.Net Information: 0 : [3268]     NegoExtender
    System.Net Information: 0 : [3268]     Kerberos
    System.Net Information: 0 : [3268]     NTLM
    System.Net Information: 0 : [3268]     Schannel
    System.Net Information: 0 : [3268]     Microsoft Unified Security Protocol Provider
    System.Net Information: 0 : [3268]     WDigest
    System.Net Information: 0 : [3268]     TSSSP
    System.Net Information: 0 : [3268]     pku2u
    System.Net Information: 0 : [3268]     CREDSSP
    System.Net Information: 0 : [3268] SecureChannel#21312719 - Left with 0 client certificates to choose from.
    System.Net Information: 0 : [3268] SecureChannel#21312719::.AcquireClientCredentials, new SecureCredential() (flags=(ValidateManual, NoDefaultCred, SendAuxRecord, UseStrongCrypto), m_ProtocolFlags=(Zero), m_EncryptionPolicy=RequireEncryption)
    System.Net Information: 0 : [3268] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
    System.Net Information: 0 : [3268] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = secret.Url.To.Hide.Com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [3268] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=164, returned code=ContinueNeeded).
    System.Net.Sockets Verbose: 0 : [3268] Entering Socket#63549928::BeginSend()
    System.Net.Sockets Verbose: 0 : [3268] Exiting Socket#63549928::BeginSend()     -> OverlappedAsyncResult#55998275
    System.Net.Sockets Verbose: 0 : [9712] Data from Socket#63549928::PostCompletion
    System.Net.Sockets Verbose: 0 : [9712] 00000000 : 16 03 03 00 9F 01 00 00-9B 03 03 62 3C 1A 7E 16 : ...........b<.~.
    System.Net.Sockets Verbose: 0 : [9712] 00000010 : E3 DC 6F 9F 75 12 6F E1-2B 57 9E CB 88 6E 45 62 : ..o.u.o.+W...nEb
    System.Net.Sockets Verbose: 0 : [9712] 00000020 : C8 2B F2 7A 1A 9C 7D 72-F1 CA 22 00 00 20 C0 28 : .+.z..}r..".. .(
    System.Net.Sockets Verbose: 0 : [9712] 00000030 : C0 27 C0 14 C0 13 C0 2C-C0 2B C0 24 C0 23 C0 0A : .'.....,.+.$.#..
    System.Net.Sockets Verbose: 0 : [9712] 00000040 : C0 09 00 9D 00 9C 00 3D-00 3C 00 35 00 2F 01 00 : .......=.<.5./..
    System.Net.Sockets Verbose: 0 : [9712] 00000050 : 00 52 00 00 00 1B 00 19-00 00 16 6F 69 64 63 2E : .R.........oidc.
    System.Net.Sockets Verbose: 0 : [9712] 00000060 : 73 61 6E 64 62 6F 78 2E-62 61 6E 6B 69 64 2E 63 : sandbox.bankid.c
    System.Net.Sockets Verbose: 0 : [9712] 00000070 : 7A 00 0A 00 08 00 06 00-19 00 18 00 17 00 0B 00 : z...............
    System.Net.Sockets Verbose: 0 : [9712] 00000080 : 02 01 00 00 0D 00 14 00-12 06 01 06 03 04 01 05 : ................
    System.Net.Sockets Verbose: 0 : [9712] 00000090 : 01 02 01 04 03 05 03 02-03 02 02 00 17 00 00 FF : ................
    System.Net.Sockets Verbose: 0 : [9712] 000000A0 : 01 00 01 00                                     : ....
    System.Net.Sockets Verbose: 0 : [9712] Entering Socket#63549928::EndSend(OverlappedAsyncResult#55998275)
    System.Net.Sockets Verbose: 0 : [9712] Exiting Socket#63549928::EndSend()   -> Int32#164
    System.Net.Sockets Verbose: 0 : [9712] Entering Socket#63549928::BeginReceive()
    System.Net.Sockets Verbose: 0 : [9712] Exiting Socket#63549928::BeginReceive()  -> OverlappedAsyncResult#29428925
    System.Net.Sockets Verbose: 0 : [9712] Data from Socket#63549928::PostCompletion
    System.Net.Sockets Verbose: 0 : [9712] 00000000 : 15 03 03 00 02                                  : .....
    System.Net.Sockets Verbose: 0 : [9712] Entering Socket#63549928::EndReceive(OverlappedAsyncResult#29428925)
    System.Net.Sockets Verbose: 0 : [9712] Exiting Socket#63549928::EndReceive()    -> Int32#5
    System.Net.Sockets Verbose: 0 : [9712] Entering Socket#63549928::BeginReceive()
    System.Net.Sockets Verbose: 0 : [9712] Exiting Socket#63549928::BeginReceive()  -> OverlappedAsyncResult#23934571
    System.Net.Sockets Verbose: 0 : [8176] Data from Socket#63549928::PostCompletion
    System.Net.Sockets Verbose: 0 : [8176] 00000000 : 02 28                                           : .(
    System.Net.Sockets Verbose: 0 : [8176] Entering Socket#63549928::EndReceive(OverlappedAsyncResult#23934571)
    System.Net.Sockets Verbose: 0 : [8176] Exiting Socket#63549928::EndReceive()    -> Int32#2
    System.Net Information: 0 : [8176] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = bc0e160:3343330, targetName = secret.Url.To.Hide.Com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
    System.Net Information: 0 : [8176] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
    System.Net.Sockets Verbose: 0 : [8176] Entering Socket#63549928::Dispose()
    System.Net Error: 0 : [8176] Exception in HttpWebRequest#45858001:: - The request was aborted: Could not create SSL/TLS secure channel..
    System.Net Verbose: 0 : [8176] Entering HttpWebRequest#45858001::EndGetRequestStream()
    System.Net Error: 0 : [8176] Exception in HttpWebRequest#45858001::EndGetRequestStream - The request was aborted: Could not create SSL/TLS secure channel..
    System.Net Information: 0 : [7504] ServicePoint#54863560::CloseConnectionGroupInternal(42319532)
    System.Net Information: 0 : [7504] ServicePoint#54863560::CloseConnectionGroupHelper(connectionGroupName=42319532, closeInternal=True)
    System.Net Information: 0 : [7504] ServicePoint#54863560::ReleaseConnectionGroup(42319532S>I>&<>c#55601314::<.ctor>b__19_0)
    System.Net Information: 0 : [7504] ServicePoint#54863560::ReleaseConnectionGroup, returning(true)
    System.Net Information: 0 : [7504] ServicePoint#54863560::CloseConnectionGroupHelper, returning(True)
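
The hex dumps in the trace above are plaintext TLS records, so they can be decoded to see what the client offered and how the peer replied. The following Python is an added example, not part of the original post; the function names are this example's own, and the embedded dump lines are copied from the trace with the `System.Net.Sockets Verbose` prefix trimmed.

```python
import re

# Hex-dump lines copied from the trace above: the first 80 bytes the client
# sent, then the two reads that make up the peer's reply.
SENT = """
00000000 : 16 03 03 00 9F 01 00 00-9B 03 03 62 3C 1A 7E 16 : ...........b<.~.
00000010 : E3 DC 6F 9F 75 12 6F E1-2B 57 9E CB 88 6E 45 62 : ..o.u.o.+W...nEb
00000020 : C8 2B F2 7A 1A 9C 7D 72-F1 CA 22 00 00 20 C0 28 : .+.z..}r..".. .(
00000030 : C0 27 C0 14 C0 13 C0 2C-C0 2B C0 24 C0 23 C0 0A : .'.....,.+.$.#..
00000040 : C0 09 00 9D 00 9C 00 3D-00 3C 00 35 00 2F 01 00 : .......=.<.5./..
"""
RECEIVED = """
00000000 : 15 03 03 00 02                                  : .....
00000000 : 02 28                                           : .(
"""
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def dump_bytes(text):
    """Concatenate the hex column of System.Net trace dump lines (prefix optional)."""
    hexcols = re.findall(r"[0-9A-F]{8} : ((?:[0-9A-F]{2}[ -])+)", text)
    return bytes.fromhex(" ".join(hexcols).replace("-", " "))

def parse_client_hello(rec):
    """Return (offered version, [cipher suite ids]) from a ClientHello record."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    version = int.from_bytes(rec[9:11], "big")
    pos = 11 + 32                        # skip the 32-byte client random
    pos += 1 + rec[pos]                  # skip the length-prefixed session_id
    n = int.from_bytes(rec[pos:pos + 2], "big")
    if pos + 2 + n > len(rec):
        raise ValueError("cipher suite list is truncated")
    suites = [int.from_bytes(rec[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    return VERSIONS.get(version, hex(version)), suites

def parse_alert(rec):
    """Return (record version, level, description) from a plaintext alert record."""
    if len(rec) < 7 or rec[0] != 0x15:
        raise ValueError("not a TLS alert record")
    ver = int.from_bytes(rec[1:3], "big")
    level = {1: "warning", 2: "fatal"}.get(rec[5], str(rec[5]))
    return VERSIONS.get(ver, hex(ver)), level, ALERTS.get(rec[6], str(rec[6]))

if __name__ == "__main__":
    version, suites = parse_client_hello(dump_bytes(SENT))
    print(version, [f"0x{s:04X}" for s in suites])
    print(parse_alert(dump_bytes(RECEIVED)))
```

On this trace the functions report a TLS 1.2 ClientHello offering 16 cipher suites, answered by a fatal handshake_failure alert. The offered suite list is therefore the thing to compare against what the remote endpoint accepts.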

1 Answer

Stack Overflow user

Accepted answer

Posted on 2022-03-25 06:23:54

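I think TLS 1.2 is not turned on on the server, and you have not even set it in the registry.

The documentation shows that Windows 2008 does not support TLS 1.2.

This message is also reported when the server does not support the TLS version the client requires. So you need to update the server to 2012 or 2016. Server 2019 and 2022 are better. Then check whether the TLS connection can be created.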

Votes: 1

Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/71604109
