I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands.
I am using SslStream object to authenticate the Tcp client by calling SslStream.AuthenticateAsClient method by passing server IP, SslProtocols.Ssl3 and X509CertificateCollection.
I am getting the following error:
Authentication failed because the remote party has closed the transport stream
I would advise against restricting the SecurityProtocol to TLS 1.1.
The recommended solution is to use
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls
Another option is add the following Registry key:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
It is worth noting that .NET 4.6 will use the correct protocol by default and does not require either solution.
If you want to use an older version of .net, create your own flag and cast it.
//
// Summary:
// Specifies the security protocols that are supported by the Schannel security
// package.
[Flags]
private enum MySecurityProtocolType
{
//
// Summary:
// Specifies the Secure Socket Layer (SSL) 3.0 security protocol.
Ssl3 = 48,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.0 security protocol.
Tls = 192,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.1 security protocol.
Tls11 = 768,
//
// Summary:
// Specifies the Transport Layer Security (TLS) 1.2 security protocol.
Tls12 = 3072
}
public Session()
{
System.Net.ServicePointManager.SecurityProtocol = (SecurityProtocolType)(MySecurityProtocolType.Tls12 | MySecurityProtocolType.Tls11 | MySecurityProtocolType.Tls);
}
Adding the below code helped me overcome the issue.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;
I ran into the same error message while using the ChargifyNET.dll to communicate with the Chargify API. Adding chargify.ProtocolType = SecurityProtocolType.Tls12; to the configuration solved the problem for me.
Here is the complete code snippet:
public ChargifyConnect GetChargifyConnect()
{
var chargify = new ChargifyConnect();
chargify.apiKey = ConfigurationManager.AppSettings["Chargify.apiKey"];
chargify.Password = ConfigurationManager.AppSettings["Chargify.apiPassword"];
chargify.URL = ConfigurationManager.AppSettings["Chargify.url"];
// Without this an error will be thrown.
chargify.ProtocolType = SecurityProtocolType.Tls12;
return chargify;
}
For VB.NET, you can place the following before your web request:
Const _Tls12 As SslProtocols = DirectCast(&HC00, SslProtocols)
Const Tls12 As SecurityProtocolType = DirectCast(_Tls12, SecurityProtocolType)
ServicePointManager.SecurityProtocol = Tls12
This solved my security issue on .NET 3.5.
using (var client = new HttpClient(handler))
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
var response = await client.SendAsync(new HttpRequestMessage(HttpMethod.Get, apiEndPoint)).ConfigureAwait(false);
await response.Content.ReadAsStringAsync().ConfigureAwait(false);
}
This worked for me
来源:https://stackoverflow.com/questions/30664566/authentication-failed-because-remote-party-has-closed-the-transport-stream