Windows Server 2003 to 2008 SslStream: no common algorithm
I found my issue with the previous question I asked.
It appears as though when connecting between Windows Server 2003 and 2008 using SSLSTREAM in C# the servers are not able to agree on a common algorithm.
The exact SSPI Exception I get is:
"The client and server cannot communicate, because they do not possess a common algorithm"
I have tried using SSL2, SSL3, TLS1. I tried using Default, I tried installing the AES SSL hotfix for Server 2003. It seems no matter what I do, there are no common algorithms.
Does anyone know how I can solve this?
Also, when I try the same code on Windows 7, the server/client agree on: Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
That was taken from Wireshark.
Windows Server 2003 does not have that cipher, but it should have some that are compatible without having to enable the ones listed here:
http://technet.microsoft.com/en-us/library/cc766285(WS.10).aspx
Thanks for any help
Comments (2)
I cannot figure out from your question which side is the server and which is the client, and maybe it doesn't matter. Although I'm not that familiar with those servers, I have seen similar errors when the server is not able to find its RSA private key, either due to misconfiguration or more often misunderstanding. The server must have access to both a private key and its matching public key (contained in its certificate) in order to complete an authenticated connection.
The server likely tried to negotiate an SSLv3.0 connection with an AES cipher. That combination is technically illegal. See http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx?Redirected=true
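A way to check the "no common algorithm" failure from a capture, as an added example that is not part of the original thread: it reads the protocol version and offered cipher suites out of a ClientHello record (the bytes Wireshark shows), intersects them with a server's list, and flags the SSLv3.0-with-AES pairing the second comment mentions. The function names, the `LEGACY_SERVER` list and the sample records are assumptions constructed for illustration; the parser uses the handshake length and ignores the record length field.

```python
import struct

# IANA cipher suite ids used in this example (subset only).
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {0x0300: "SSLv3.0", 0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}

def parse_client_hello(record: bytes):
    """Return (version name, [suite ids]) from one record holding a whole ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack("!H", hello[:2])
    pos = 2 + 32                       # client_version + random
    pos += 1 + hello[pos]              # session_id length byte + session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites length")
    return VERSIONS.get(version, hex(version)), [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def diagnose(record: bytes, server_suites: set):
    """Return (version, names of suites both sides have, SSLv3.0-with-AES flag)."""
    version, offered = parse_client_hello(record)
    common = [SUITE_NAMES.get(s, hex(s)) for s in offered if s in server_suites]
    return version, common, version == "SSLv3.0" and any("AES" in c for c in common)

def build_client_hello(version: int, suites: list) -> bytes:
    """Constructed sample input: minimal ClientHello record, empty session id, no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + version.to_bytes(2, "big") + len(hs).to_bytes(2, "big") + hs

# Hypothetical server list (RC4/3DES only); read the real one from the server's configuration.
LEGACY_SERVER = {0x0004, 0x0005, 0x000A}
```

An empty list from `diagnose` corresponds to the handshake failing with no shared suite; a non-empty list shows which suites a negotiation could settle on.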