TCP connection with TLS is reset after the handshake

Posted on 2025-01-21 04:56:01

I'm trying to activate transport security for a WCF Client-Server application.
It works fine on our test machine, but in the target environment the connection is always reset after what looks to me like a successful handshake:
Wireshark capture

I've tried deactivating the firewall, although the application worked fine without TLS, but it made no difference. I've also tried TLS1.1 and TLS1.0 but that made no difference either.

Here is the source code for the service host:

public void Start()
{
    var binding = new NetTcpBinding(SecurityMode.Transport);
    binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
    binding.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
    binding.ReliableSession.Enabled = true;
    binding.ReliableSession.InactivityTimeout = TimeSpan.FromSeconds(30);
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    binding.SendTimeout = TimeSpan.FromSeconds(5);
    binding.MaxReceivedMessageSize = 64 * 1048576;
    binding.ReaderQuotas.MaxArrayLength = 2147483647;
    binding.ReaderQuotas.MaxStringContentLength = 2147483647;

    this.host = new ServiceHost(
        this,
        new[] { new Uri(string.Format("net.tcp://{0}:{1}", this.hostname, this.port)) }
    );

    this.host.Description.Behaviors.Add(new ServiceDiscoveryBehavior());
    this.host.AddServiceEndpoint(new UdpDiscoveryEndpoint());
    this.host.AddServiceEndpoint(typeof(ILvsService), binding, "LvsService");
    this.host.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindBySubjectName,
        this.hostname
    );

    this.host.Open();
}

And here is the client side:

public ServiceClient(string server, ushort port)
{
    var binding = new NetTcpBinding(SecurityMode.Transport);
    binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
    binding.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
    binding.MaxReceivedMessageSize = 64 * 1048576;
    binding.ReaderQuotas.MaxArrayLength = 2147483647;
    binding.ReaderQuotas.MaxStringContentLength = 2147483647;
    binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
    binding.SendTimeout = TimeSpan.FromSeconds(5);

    var context = new InstanceContext(this);
    this.channelFactory = new DuplexChannelFactory<ILvsService>(
        context,
        binding,
        new EndpointAddress(string.Format("net.tcp://{0}:{1}/LvsService", server, port))
    );
}

The server is running as a service on a Windows Server 2016 VM with .NET Framework 4.7.2. The clients are running on Windows 10 machines also with .NET Framework 4.7.2.
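
A preflight check for the certificate lookup in the service host above, as an added example that is not part of the original post: it lists every certificate in LocalMachine\My that matches by subject name and tests whether the current account can actually use each private key. The class name `CertPreflight`, the command-line argument and the machine-name default are assumptions; run it under the same account as the Windows service.

```csharp
// Added diagnostic, not code from the original post.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class CertPreflight // hypothetical name
{
    static void Main(string[] args)
    {
        // Assumption: pass the value the host uses for this.hostname.
        string name = args.Length > 0 ? args[0] : Environment.MachineName;
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // Same store, find type and value as the SetCertificate call on the page.
            // FindBySubjectName is a case-insensitive substring match, so several can match.
            var matches = store.Certificates.Find(X509FindType.FindBySubjectName, name, false);
            Console.WriteLine("{0} certificate(s) match '{1}'", matches.Count, name);
            foreach (X509Certificate2 cert in matches)
            {
                Console.WriteLine("{0}  {1}", cert.Thumbprint, cert.Subject);
                Console.WriteLine("  valid {0:u} to {1:u}", cert.NotBefore, cert.NotAfter);
                Console.WriteLine("  DNS name: {0}", cert.GetNameInfo(X509NameType.DnsName, false));
                Console.WriteLine("  HasPrivateKey: {0}", cert.HasPrivateKey);
                try
                {
                    // HasPrivateKey only reports an associated key; signing shows
                    // whether the current account is allowed to use it.
                    using (RSA rsa = cert.GetRSAPrivateKey())
                    {
                        if (rsa != null) rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                        Console.WriteLine(rsa != null ? "  private key usable by this account" : "  no RSA private key");
                    }
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("  private key NOT usable: {0}", ex.Message);
                }
                // The chain result reflects this machine's trust store only.
                using (var chain = new X509Chain())
                {
                    Console.WriteLine("  chain builds: {0}", chain.Build(cert));
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine("    {0}: {1}", s.Status, (s.StatusInformation ?? "").Trim());
                }
            }
        }
        finally { store.Close(); }
    }
}
```

The DNS name it prints is the name a client would compare against the host part of its `net.tcp://` address, and a client machine builds the chain against its own trust store, so the chain result here does not carry over to the Windows 10 clients.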
