可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I'm trying to establish SSL/TLS connection to test server with self-signed certificate. Communication through unsecure channel worked without issues.
Here is my sample code, which I've written based on this solutions: Allowing Untrusted SSL Certificates with HttpClient C# Ignore certificate errors? .NET client connecting to ssl Web API
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; var c = new HttpClient(); var r = c.GetAsync("https://10.3.0.1:8443/rest/v1").Result; if (r.IsSuccessStatusCode) { Log.AddMessage(r.Content.Get()); } else { Log.AddMessage(string.Format("{0} ({1})", (int)r.StatusCode, r.ReasonPhrase)); }
also tried this:
var handler = new WebRequestHandler(); handler.ServerCertificateValidationCallback = delegate { return true; }; var c = new HttpClient(handler); ...
and this
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
but each time I've got an exception:
InnerException: System.Net.Http.HttpRequestException _HResult=-2146233088 _message=An error occurred while sending the request. HResult=-2146233088 IsTransient=false Message=An error occurred while sending the request. InnerException: System.Net.WebException _HResult=-2146233079 _message=The request was aborted: Could not create SSL/TLS secure channel. HResult=-2146233079 IsTransient=false Message=The request was aborted: Could not create SSL/TLS secure channel. Source=System StackTrace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) InnerException:
What do I do wrong? Why I can't connect to this server (which has invalid-self-signed certificate)
回答1:
You are doing it right with ServerCertificateValidationCallback. This is not the problem you are facing. The problem you are facing is most likely the version of SSL/TLS protocol.
For example, if your server offers only SSLv3 and TLSv10 and your client needs TLSv12 then you will receive this error message. What you need to do is to make sure that both client and server have a common protocol version supported.
When I need a client that is able to connect to as many servers as possible (rather than to be as secure as possible) I use this (together with setting the validation callback):
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
回答2:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
And yet I continued to get the same “The request was aborted: Could not create SSL/TLS secure channel” error. I was attempting to connect to some older voice servers with HTTPS SOAP API interfaces (i.e. voice mail, IP phone systems etc… installed years ago). These only support SSL3 connections as they were last updated years ago.
One would think including SSl3 in the list of SecurityProtocols would do the trick here, but it didn’t. The only way I could force the connection was to include ONLY the Ssl3 protocol and no others:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
回答3:
We have been solving the same problem just today, and all you need to do is to increase the runtime version of .NET
4.5.2 didn't work for us with the above problem, while 4.6.1 was OK
If you need to keep the .NET version, then set
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
回答4:
If you are using a new domain name, and you have done all the above and you are still getting the same error, check to see if you clear the DNS cache on your PC. Clear your DNS for more details.
To clear your DNS cache if you use Windows 8, perform the following steps:
On your keyboard, press Win+X to open the WinX Menu.
Right-click Command Prompt and select Run as Administrator.
Run the following command:
ipconfig /flushdns
If the command succeeds, the system returns the following message:
Windows IP configuration successfully flushed the DNS Resolver Cache.
To clear your DNS cache if you use Windows 7, perform the following steps:
Click Start.
Enter cmd in the Start menu search text box.
Right-click Command Prompt and select Run as Administrator.
Run the following command:
ipconfig /flushdns
If the command succeeds, the system returns the following message: Windows IP configuration successfully flushed the DNS Resolver Cache.
