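I have a WPF application that uses SslStream to connect to a server and send/receive some messages. My code is largely based on this example (SslTcpClient): https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx.
This worked for months. However, after getting this Windows update (Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016 - https://support.microsoft.com/en-us/kb/3163018), my application started reporting this exception: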
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake()
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect()
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)
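What should I do?
Answer 0: (score: 11)
This means the other side is using another version of TLS while you are using an older version. Set the security property to TLS12 before establishing the connection. This is a well-known issue, as many providers have started using TLS12 (e.g. PayPal, Amazon, etc.).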
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Answer 1: (score: 10)
Here is the solution, set in the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200
As described here
Answer 2: (score: 1)
If you are using SslStream, you need to set the TLS version explicitly in the AuthenticateAsClient call, for example:
ssl.AuthenticateAsClient(url, null, SslProtocols.Tls12, false);
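To see which of the answers above applies to a given server, a small probe can pin TLS 1.2 as in Answer 2 and then report either the negotiated parameters (including the key-exchange size that the ClientMinKeyBitLength value in Answer 1 relates to) or the SSPI error code. This is an added example, not code from the question or any answer; the class name TlsHandshakeProbe and the host/port arguments are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsHandshakeProbe
{
    // Usage: TlsHandshakeProbe <host> <port>  (both supplied by the caller; hypothetical tool name)
    static int Main(string[] args)
    {
        if (args.Length != 2 || !int.TryParse(args[1], out int port))
        {
            Console.Error.WriteLine("usage: TlsHandshakeProbe <host> <port>");
            return 2;
        }
        string host = args[0];

        try
        {
            using (var tcp = new TcpClient(host, port))
            // Default certificate validation stays on: no callback that accepts everything.
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Pin the protocol explicitly and keep revocation checking enabled.
                ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, true);

                Console.WriteLine("Protocol:     {0}", ssl.SslProtocol);
                Console.WriteLine("Cipher:       {0} ({1} bits)", ssl.CipherAlgorithm, ssl.CipherStrength);
                // The key-exchange size is the quantity a minimum-key-length policy is compared against.
                Console.WriteLine("Key exchange: {0} ({1} bits)", ssl.KeyExchangeAlgorithm, ssl.KeyExchangeStrength);
                return 0;
            }
        }
        catch (AuthenticationException ex)
        {
            Console.Error.WriteLine("Handshake failed: {0}", ex.Message);
            // The SSPI status code is carried by the inner Win32Exception.
            if (ex.InnerException is Win32Exception win32)
                Console.Error.WriteLine("SSPI error 0x{0:X8}: {1}", win32.NativeErrorCode, win32.Message);
            return 1;
        }
        catch (SocketException ex)
        {
            Console.Error.WriteLine("TCP connect failed: {0}", ex.SocketErrorCode);
            return 1;
        }
    }
}
```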
Answer 3: (score: 0)
When connecting to an Oracle database using Oracle.ManagedDataAccess.dll and C#, I got this exception:
"Oracle.ManagedDataAccess.Client.OracleException (0x80004005): Oracle is unable to connect to the server or unable to parse the connection string ---> OracleInternal.Network.NetworkException (0x80004005): Oracle: Oracle is unable to connect to the server or unable to parse the connection string ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: No credentials are available in the security package\r\n --- End of inner exception stack trace ---\r\n at System.Net.Security.NegoState.StartSendAuthResetSignal(LazyAsyncResult lazyResult, Byte[] message, Exception exception)\r\n at System.Net.Security.NegoState.StartSendBlob(Byte[] message, LazyAsyncResult lazyResult)\r\n at ............
After trying for a long time, I finally found that This Answer works: adding the settings section and setting name="SQLNET.AUTHENTICATION_SERVICES" value="" in app.config:
<oracle.manageddataaccess.client>
  <version number="*">
    <dataSources>
      <dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) "/>
    </dataSources>
    <settings>
      <setting name="SQLNET.AUTHENTICATION_SERVICES" value=""/>
    </settings>
  </version>
</oracle.manageddataaccess.client>
According to the reference link in the answer above, as a further step you can try setting SQLNET.AUTHENTICATION_SERVICES =() in the {{1}} folder; that works too.
Answer 4: (score: -1)
Try adding servicePrincipalName to the client App.config file
<client>
<endpoint ............................
<identity>
<servicePrincipalName/>
</identity>
</endpoint>
</client>