我们有一个.Net Compact Framework 3.5应用程序通过Web服务连接到Oracle Weblogic Server 11g上的ADF应用程序。一切都通过相互身份验证SSL保护。
只要启用SSL3.0,一切正常。一旦我们使TLS1.0成为最低版本的SSL,掌上电脑就会出错。 (由于安全问题,我们无法继续允许使用SSL3。)
System.Net.WebException: Could not establish secure channel for SSL/TLS ---> System.Net.WebException: Handshake has failed, see inner exception.
at System.Net.SslConnectionState.PerformClientHandShake()
at System.Net.Connection.connect(Object ignored)
at System.Threading.ThreadPool.WorkItem.doWork(Object o)
at System.Threading.Timer.ring()
at System.Net.HttpWebRequest.finishGetResponse()
at System.Net.HttpWebRequest.GetResponse()
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.doInvoke(String methodName, Object[] parameters, WebClientAsyncResult asyncResult)
at STRATISHandheld.Handheld.HandHeldService.processWeb(String arg0)
at CSHARPSmartDeviceApp.Form1.Form1_Load(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form._SetVisibleNotify(Boolean fVis)
at System.Windows.Forms.Control.set_Visible(Boolean value)
at System.Windows.Forms.Application.Run(Form fm)
at CSHARPSmartDeviceApp.Form1.STRATISMain()
at CSHARPSmartDeviceApp.Form1.Main(String[] args)
内部异常是
System.Net.WebException: Handshake has failed, see inner exception.
at System.Net.SslConnectionState.PerformClientHandShake()
at System.Net.Connection.connect(Object ignored)
at System.Threading.ThreadPool.WorkItem.doWork(Object o)
at System.Threading.Timer.ring()
并且内部异常是null(因为它当然是)。
我们用来调用该函数的代码如下。掌上电脑是由添加Web参考功能创建的Web引用;它继承了" System.Web.Services.Protocols.SoapHttpClientProtocol"类。只要启用SSL3,一切都会正常工作。
handheld.Url = webPage;
handheld.ClientCertificates.Add(clientcertificate);
String MSG = "";
MSG = handheld.processWeb(out_xml_str);
注意:我通常会将ServicePointManager.sslversion设置为TLS1,但它在Compact Framework中不可用,因为它当然不是。
我们如何解决这个问题甚至开始诊断?我们确定TLS有效,因为我们能够在IE上启用TLS的情况下点击服务器。