由于以下错误消息,我们无法使用WebRequest连接到HTTPS服务器:
请求被中止:无法创建SSL/TLS安全通道。
我们知道服务器没有有效的HTTPS证书,但为了绕过这个问题,我们使用下面的代码,我们从另一个StackOverflow帖子:
private void Somewhere() {
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AlwaysGoodCertificate);
}
private static bool AlwaysGoodCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors) {
return true;
}
问题是服务器从未验证证书,并出现上述错误而失败。有人知道我该怎么做吗?
我应该提到的是,我和一个同事几周前进行了测试,它运行得很好,与我上面写的类似。我们发现的唯一“主要区别”是,我用的是Windows 7,而他用的是Windows XP。这会改变什么吗?
我们在Windows Server 2012R2客户端中遇到了同样的问题。
错误40表示客户端和服务器不同意使用密码套件。
在大多数情况下,服务器需要客户端无法识别的密码套件。
如果你不能修改服务器设置,解决方案是将那些“缺失”的密码套件添加到客户端:
First, go to SSLLabs SSL Labs
Enter the url of the site/api you are having problem to connect
Wait a few minutes until the test is completed
Go to 'Cipher Suites' section and read very carefully TLS 1.3 / TLS 1.2
There you will find the Cipher Suites accepted by the server
Now in your windows server, go to Regedit
Open the Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL
There you will find 2 folders: 00010002 -->TLS 1.2 and 00010003 --> TLS 1.3
Now, edit the Functions key, and add the suites required by the server
In our case, we needed to Add TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 to 00010002 folder
确保ServicePointManager设置是在创建HttpWebRequest之前完成的,否则它将无法工作。
工作原理:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")
失败:
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://google.com/api/")
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;