我有一个应用程序通过Web服务连接到Azure AppServer(使用SoapHttpClientProtocol)。
它在.NET 3.5sp1上完美运行,当我升级到.NET 4.6.1时,它在w10盒子上工作正常,但是有些w7或w8失败了:
基础连接已关闭:发送
时发生意外错误如果我修改构造函数添加:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
确实有效。但我想使用Tls1.2而不是Ssl3。如果我使用
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
(或默认值)它在w7和w8框上给出错误。
这是在w10上提供给服务器的密码列表(它可以工作):
CONNECT spac-test.cloudapp.net:443 HTTP / 1.1主机: spac-test.cloudapp.net连接:Keep-Alive
找到了兼容SSLv3的ClientHello握手。提琴手提取 以下参数。
版本:3.3(TLS / 1.2)随机:58 17 93 A5 5C 57 36 C2 97 69 48 B2 92 5C 93 44 86 1A 87 99 19 53 4D 04 C4 CB EE C0 87 70 30 67"时间": 1/10/2058 1:26:48 AM SessionID:空扩展: server_name xxx.cloudapp.net
elliptic_curves unknown [0x1D], secp256r1 [0x17],secp384r1 [0x18] ec_point_formats未压缩 [为0x0]
signature_algs sha256_rsa,sha384_rsa,sha1_rsa,sha256_ecdsa, sha384_ecdsa,sha1_ecdsa,sha1_dsa,sha512_rsa,sha512_ecdsa SessionTicket空了 extended_master_secret为空 renegotiation_info 00加密算法:
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 [C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [009F] TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 [009E] TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [0039] TLS_DHE_RSA_WITH_AES_256_SHA [0033] TLS_DHE_RSA_WITH_AES_128_SHA [009D] TLS_RSA_WITH_AES_256_GCM_SHA384 [009C] TLS_RSA_WITH_AES_128_GCM_SHA256 [003D] TLS_RSA_WITH_AES_256_CBC_SHA256 [003C] TLS_RSA_WITH_AES_128_CBC_SHA256 [0035] TLS_RSA_AES_256_SHA [002F] TLS_RSA_AES_128_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [0038] TLS_DHE_DSS_WITH_AES_256_SHA [0032] TLS_DHE_DSS_WITH_AES_128_SHA [0011] SSL_DHE_DSS_WITH_3DES_EDE_SHA压缩:[00] NO_COMPRESSION
......以下是在PC上呈现的不起作用的内容:
找到了兼容SSLv3的ClientHello握手。提琴手提取 以下参数。
版本:3.3(TLS / 1.2)随机:58 17 97 37 8C 71 81 A2 0F 25 5F BE 3F D1 37 8D B8 4C 4F D3 58 BF A5 C6 EB DE E7 C3 6B 74 5D 86" Time":> 密码:
22/07/1999 9:06:32 SessionID:空扩展: renegotiation_info 00
server_name xxxx.cloudapp.net elliptic_curves secp256r1 [0x17],secp384r1 [0x18] ec_point_formats未压缩[0x0]
signature_algs sha256_rsa, sha384_rsa,sha1_rsa,sha256_ecdsa,sha384_ecdsa,sha1_ecdsa,sha1_dsa [003C] TLS_RSA_WITH_AES_128_CBC_SHA256 [002F] TLS_RSA_AES_128_SHA [003D] TLS_RSA_WITH_AES_256_CBC_SHA256 [0035] TLS_RSA_AES_256_SHA [0005] SSL_RSA_WITH_RC4_128_SHA [000A] SSL_RSA_WITH_3DES_EDE_SHA [C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 [C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA [C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 [C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 [C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 [C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 [C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA [C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA [0040] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 [0032] TLS_DHE_DSS_WITH_AES_128_SHA [006A] TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 [0038] TLS_DHE_DSS_WITH_AES_256_SHA [0004] SSL_DHE_DSS_WITH_3DES_EDE_SHA [0004] SSL_RSA_WITH_RC4_128_MD5压缩:[00] NO_COMPRESSION
我想与已经协商的密码有关,但是想让w7使用tls1.2(我在IE show&#34中查看选项;使用Tls1.2",也将注册表设置设置为在w7中启用tls 1.2:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Protocols \ TLS 1.1 \ Client] " DisabledByDefault" = DWORD:00000000
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Protocols \ TLS 1.1 \ Server] " DisabledByDefault" = DWORD:00000000
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Protocols \ TLS 1.2 \ Client] " DisabledByDefault" = DWORD:00000000
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ SecurityProviders \ SCHANNEL \ Protocols \ TLS 1.2 \ Server] " DisabledByDefault" = DWORD:00000000
有什么建议吗? 感谢