我有一个自托管的REST API,其中包含一个托管在W2008R2上的自签名证书。使用此代码从W7调用此api是完美的。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertficate;
var request = (HttpWebRequest)WebRequest.Create(url);
request.Method = verb;
request.ContentType = "application/json";
request.Headers.Add("PlatformId", platformId);
if (bytes != null)
{
using (var requestStream = request.GetRequestStream())
{
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Flush();
}
}
var response = request.GetResponse();
使用来自任何W10的Chrome的REST API客户端插件调用api也可以。
但是,从任何W10 调用(使用完全相同的客户端代码)都会失败。
我在两台客户端计算机上激活了跟踪。从工作的W7客户端机器:
System.Net Information: 0 : [10748] Connection#10366524 - Conexión desde 192.168.2.100:57610 a xx.xx.xx.xx:9095 creada.
System.Net Information: 0 : [10748] TlsStream#25181126::.ctor(host=xx.xx.xx.xx, #certs=0)
System.Net Information: 0 : [10748] Associating HttpWebRequest#7746814 with ConnectStream#59408853
System.Net Information: 0 : [10748] HttpWebRequest#7746814 - Request: GET /AvelonRMSExternalPlatformRestService/Countries HTTP/1.1
System.Net Information: 0 : [10748] ConnectStream#59408853 - Enviando encabezados
{
Content-Type: application/json
PlatformId: 03986D31-4F8A-4527-8AF5-A40030B4A4E8
Host: xx.xx.xx.xx:9095
Connection: Keep-Alive
}.
System.Net Information: 0 : [10748] SecureChannel#56152722::.ctor(hostname=xx.xx.xx.xx, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [10748] Enumerando paquetes de seguridad:
System.Net Information: 0 : [10748] Negotiate
System.Net Information: 0 : [10748] NegoExtender
System.Net Information: 0 : [10748] Kerberos
System.Net Information: 0 : [10748] NTLM
System.Net Information: 0 : [10748] Schannel
System.Net Information: 0 : [10748] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [10748] WDigest
System.Net Information: 0 : [10748] TSSSP
System.Net Information: 0 : [10748] pku2u
System.Net Information: 0 : [10748] MSOIDSSP
System.Net Information: 0 : [10748] CREDSSP
System.Net Information: 0 : [10748] SecureChannel#56152722 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [10748] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Longitud de In-Buffer=0, Longitud de Out-Buffer=149, código devuelto=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Send()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Send
System.Net.Sockets Verbose: 0 : [10748] 00000000 : 16 03 03 00 90 01 00 00-8C 03 03 56 BA F6 5A E2 : ...........V..Z.
System.Net.Sockets Verbose: 0 : [10748] 00000010 : 76 DE 3D 52 7E CF 87 55-C2 40 E5 27 D1 31 E2 B7 : v.=R~..U.@.'.1..
System.Net.Sockets Verbose: 0 : [10748] 00000020 : 00 74 13 AA 2B 18 33 E4-F5 A5 E0 00 00 34 C0 28 : .t..+.3......4.(
System.Net.Sockets Verbose: 0 : [10748] 00000030 : C0 27 C0 14 C0 13 00 9F-00 9E 00 9D 00 9C C0 2C : .'.............,
System.Net.Sockets Verbose: 0 : [10748] 00000040 : C0 2B C0 24 C0 23 C0 0A-C0 09 00 3D 00 3C 00 35 : .+.$.#.....=.<.5
System.Net.Sockets Verbose: 0 : [10748] 00000050 : 00 2F 00 6A 00 40 00 38-00 32 00 0A 00 13 00 05 : ./.j.@.8.2......
System.Net.Sockets Verbose: 0 : [10748] 00000060 : 00 04 01 00 00 2F 00 0A-00 08 00 06 00 17 00 18 : ...../..........
System.Net.Sockets Verbose: 0 : [10748] 00000070 : 00 19 00 0B 00 02 01 00-00 0D 00 14 00 12 06 01 : ................
System.Net.Sockets Verbose: 0 : [10748] 00000080 : 06 03 04 01 05 01 02 01-04 03 05 03 02 03 02 02 : ................
System.Net.Sockets Verbose: 0 : [10748] 00000090 : FF 01 00 01 00 : .....
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Send() -> Int32#149
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Receive()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Receive
System.Net.Sockets Verbose: 0 : [10748] 00000000 : 16 03 03 0A BC : .....
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [10748] Socket#63840421::Receive()
System.Net.Sockets Verbose: 0 : [10748] Data from Socket#63840421::Receive
System.Net.Sockets Verbose: 0 : [10748] 00000005 : 02 00 00 4D 03 03 56 BA-F6 8B EB 92 55 E1 4E A7 : ...M..V.....U.N.
System.Net.Sockets Verbose: 0 : [10748] 00000015 : 04 9A DB 53 EC 79 D6 72-65 5D 6E E3 0C 00 7D 37 : ...S.y.re]n...}7
System.Net.Sockets Verbose: 0 : [10748] 00000025 : 18 DD 26 D3 2D 05 20 09-11 00 00 F3 5B 63 C1 EC : ..&.-. .....[c..
[DELETED LINES OF DATA]
System.Net.Sockets Verbose: 0 : [10748] 00000AC0 : 00 : .
System.Net.Sockets Verbose: 0 : [10748] Exiting Socket#63840421::Receive() -> Int32#1393
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 845ab0:4f91430, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=CredentialsNeeded).
System.Net Information: 0 : [10748] SecureChannel#56152722 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [10748] Utilizando el identificador de credencial almacenado en caché.
System.Net Information: 0 : [10748] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 845ab0:4f91430, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [10748] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=173, código devuelto=ContinueNeeded).
[DELETED REST OF LOG]
从失败的W10客户端计算机:
System.Net Information: 0 : [7852] Connection#31523018 - Conexión desde 192.168.1.35:53781 a xx.xx.xx.xx:9095 creada.
System.Net Information: 0 : [7852] TlsStream#15586314::.ctor(host=xx.xx.xx.xx, #certs=0)
System.Net Information: 0 : [7852] Associating HttpWebRequest#62955487 with ConnectStream#35059110
System.Net Information: 0 : [7852] HttpWebRequest#62955487 - Request: GET /AvelonRMSExternalPlatformRestService/Countries HTTP/1.1
System.Net Information: 0 : [7852] ConnectStream#35059110 - Enviando encabezados
{
Content-Type: application/json
PlatformId: 03986D31-4F8A-4527-8AF5-A40030B4A4E8
Host: xx.xx.xx.xx:9095
Connection: Keep-Alive
}.
System.Net Information: 0 : [7852] SecureChannel#28137373::.ctor(hostname=xx.xx.xx.xx, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [7852] Enumerando paquetes de seguridad:
System.Net Information: 0 : [7852] Negotiate
System.Net Information: 0 : [7852] NegoExtender
System.Net Information: 0 : [7852] Kerberos
System.Net Information: 0 : [7852] NTLM
System.Net Information: 0 : [7852] TSSSP
System.Net Information: 0 : [7852] pku2u
System.Net Information: 0 : [7852] WDigest
System.Net Information: 0 : [7852] Schannel
System.Net Information: 0 : [7852] Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [7852] CloudAP
System.Net Information: 0 : [7852] CREDSSP
System.Net Information: 0 : [7852] SecureChannel#28137373 - Con 0 certificados de cliente entre los que elegir.
System.Net Information: 0 : [7852] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent = Outbound, scc = System.Net.SecureCredential)
System.Net Information: 0 : [7852] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7852] InitializeSecurityContext(Longitud de In-Buffer=0, Longitud de Out-Buffer=155, código devuelto=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Send()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Send
System.Net.Sockets Verbose: 0 : [7852] 00000000 : 16 03 03 00 96 01 00 00-92 03 03 56 BA F5 B5 96 : ...........V....
System.Net.Sockets Verbose: 0 : [7852] 00000010 : 5D 49 B9 74 F0 A9 25 16-80 FD 00 2F 53 A6 F1 10 : ]I.t..%..../S...
System.Net.Sockets Verbose: 0 : [7852] 00000020 : 92 E0 5B 60 A8 6C C2 CF-26 C3 80 00 00 38 C0 30 : ..[`.l..&....8.0
System.Net.Sockets Verbose: 0 : [7852] 00000030 : C0 2F C0 28 C0 27 C0 14-C0 13 00 9F 00 9E 00 9D : ./.(.'..........
System.Net.Sockets Verbose: 0 : [7852] 00000040 : 00 9C 00 3D 00 3C 00 35-00 2F C0 2C C0 2B C0 24 : ...=.<.5./.,.+.$
System.Net.Sockets Verbose: 0 : [7852] 00000050 : C0 23 C0 0A C0 09 00 6A-00 40 00 38 00 32 00 0A : .#.....j.@.8.2..
System.Net.Sockets Verbose: 0 : [7852] 00000060 : 00 13 00 05 00 04 01 00-00 31 00 0A 00 06 00 04 : .........1......
System.Net.Sockets Verbose: 0 : [7852] 00000070 : 00 17 00 18 00 0B 00 02-01 00 00 0D 00 14 00 12 : ................
System.Net.Sockets Verbose: 0 : [7852] 00000080 : 04 01 05 01 02 01 04 03-05 03 02 03 02 02 06 01 : ................
System.Net.Sockets Verbose: 0 : [7852] 00000090 : 06 03 00 23 00 00 FF 01-00 01 00 : ...#.......
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Send() -> Int32#155
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Receive()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Receive
System.Net.Sockets Verbose: 0 : [7852] 00000000 : 16 03 03 0A BC : .....
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Receive() -> Int32#5
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Receive()
System.Net.Sockets Verbose: 0 : [7852] Data from Socket#17375337::Receive
System.Net.Sockets Verbose: 0 : [7852] 00000005 : 02 00 00 4D 03 03 56 BA-F5 B7 5B 2C B9 AF C3 88 : ...M..V...[,....
System.Net.Sockets Verbose: 0 : [7852] 00000015 : 63 FA 0E EA CF A1 B4 E8-29 E4 8F 3A 51 06 0C 16 : c.......)..:Q...
System.Net.Sockets Verbose: 0 : [7852] 00000025 : F6 B6 A8 5A 0D 24 20 0B-03 00 00 3E 87 1B B9 B9 : ...Z.$ ....>....
[DELETED LINES OF DATA]
System.Net.Sockets Verbose: 0 : [7852] 00000AC0 : 00 : .
System.Net.Sockets Verbose: 0 : [7852] Exiting Socket#17375337::Receive() -> Int32#1313
System.Net Information: 0 : [7852] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = fab233c920:e654e74680, targetName = xx.xx.xx.xx, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [7852] InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=InternalError).
System.Net.Sockets Verbose: 0 : [7852] Socket#17375337::Dispose()
System.Net Error: 0 : [7852] Excepción en HttpWebRequest#62955487:: - Anulada la solicitud: No se puede crear un canal seguro SSL/TLS..
System.Net Error: 0 : [7852] Excepción en HttpWebRequest#62955487::GetResponse - Anulada la solicitud: No se puede crear un canal seguro SSL/TLS..
[NO MORE LOGGING AVAILABLE]
ClientHello和ServerHello完成,但是在W10上,对 InitializeSecurityContext 的第二次调用因内部错误而失败,其中工作的W7机器 CredentialsNeeded 是返回:
InitializeSecurityContext(Número de In-Buffers=2, Longitud de Out-Buffer=0, código devuelto=InternalError).
在Windows事件日志中,我看到以下内容:
TLS协议定义的致命错误代码为40. Windows SChannel错误状态为813
似乎W10握手失败。
我不知道如何从这里开始。有谁遇到过这个问题?是否可以进行额外的记录?
我已经尝试过的事情:
W2012R2服务器上完全相同的设置可以从W10正常工作。问题是当我在2008R2服务器上托管时。
先谢谢,华金
答案 0 :(得分:0)
终于找出了问题所在。我使用了自签名的SHA265证书,密钥长度为512位。似乎W10不再支持那么短的键长。我生成了一个2048位密钥长度的新证书,一切都开始工作了。