HttpWebRequest 结果“请求已中止:无法创建 SSL/TLS 安全通道”
我们在经典 ASP 应用程序中引入了一些 .NET 页面。当用户点击其中一个 .NET 页面时,我们使用 HttpWebRequest 将请求发送到具有所需会话变量名称的类 ASP 页面,从而从 ASP 端获取会话变量值。此方法有效,但以下情况除外。
在我们的生产服务器上,我们的 IT 人员通过一些注册表黑客攻击禁用了弱密码算法。我们希望将 128 强加于 128(或者比我更了解安全的人是这么告诉我的)。但是,这会导致我们的会话共享请求中止并出现以下错误。
The request was aborted: Could not create SSL/TLS secure channel
我们打开了跟踪日志记录,如本文。相关的行似乎是这些。
System.Net Information: 0 : [3892] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1b6acdd0:171a28, targetName = secure.xxx.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3892] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=AlgorithmMismatch).
System.Net.Sockets Verbose: 0 : [3892] Socket#18136189::Dispose()
System.Net Error: 0 : [3892] Exception in the HttpWebRequest#51004322:: - The request was aborted: Could not create SSL/TLS secure channel.
System.Net Error: 0 : [3892] Exception in the HttpWebRequest#51004322::GetResponse - The request was aborted: Could not create SSL/TLS secure channel.
我能从这些信息中得到的唯一信息是问题是算法不匹配,但我不知道该如何处理。
我读过但我们还没有尝试过的一件事是在发出请求之前添加以下代码。这么简单的改变似乎有可能解决这个算法不匹配问题吗?
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3
We've introduced a few .NET pages into a Classic ASP application. When a user hits one of the .NET pages we use an HttpWebRequest to get session variable values from the ASP side by sending the request to a Class ASP page with the name of the session variable we want. This approach works, except in the following situation.
On our production servers our IT folks have disabled the weak cipher algorithms with some registry hacking. We want to force 128 over 128 (or so I'm told by people who know more about security than I do). However, this causes our session-sharing request to abort with the following error.
The request was aborted: Could not create SSL/TLS secure channel
We turned on trace logging as described in this article. The relevant lines appear to be these.
System.Net Information: 0 : [3892] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 1b6acdd0:171a28, targetName = secure.xxx.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [3892] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=AlgorithmMismatch).
System.Net.Sockets Verbose: 0 : [3892] Socket#18136189::Dispose()
System.Net Error: 0 : [3892] Exception in the HttpWebRequest#51004322:: - The request was aborted: Could not create SSL/TLS secure channel.
System.Net Error: 0 : [3892] Exception in the HttpWebRequest#51004322::GetResponse - The request was aborted: Could not create SSL/TLS secure channel.
The only nugget I can get from this information is that the problem is an AlgorithmMismatch, but I'm not sure what to do with that.
One thing I've read about, but we have not tried, is adding the following code before we make the request. Does it seem like there's any chance such a simple change could address this AlgorithmMismatch?
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们终于弄清楚了。除了禁用弱密码之外,IT 人员还调整了一些其他设置。他们已将 HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client 的启用 (DWORD) 值设置为 0。这意味着机器无法生成 SSL 请求。将该键的启用从 0 更改为 1 可以让一切正常工作。
We finally figured it out. In addition to disabling weak ciphers the IT guys tweaked a few other settings. They had set the Enabled (DWORD) value to 0 for HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client. That meant that the machine couldn't generate SSL requests. Changing Enabled from 0 to 1 for that key allowed everything to work.