ServerCertificateValidationCallback을 설정 했는데도 SSL / TLS 보안 채널을 만들 수 없습니다.
자체 서명 된 인증서 로 테스트 서버에 SSL / TLS 연결을 설정하려고합니다 . 안전하지 않은 채널을 통한 통신은 문제없이 작동했습니다.
다음은이 솔루션을 기반으로 작성한 샘플 코드 입니다. HttpClient C #으로 신뢰할 수없는 SSL 인증서 허용 인증서 오류를 무시 하시겠습니까? SSL Web API에 연결하는 .NET 클라이언트
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
var c = new HttpClient();
var r = c.GetAsync("https://10.3.0.1:8443/rest/v1").Result;
if (r.IsSuccessStatusCode)
{
Log.AddMessage(r.Content.Get<string>());
}
else
{
Log.AddMessage(string.Format("{0} ({1})", (int)r.StatusCode, r.ReasonPhrase));
}
또한 이것을 시도했습니다.
var handler = new WebRequestHandler();
handler.ServerCertificateValidationCallback = delegate { return true; };
var c = new HttpClient(handler);
...
이
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
하지만 예외가있을 때마다 :
InnerException: System.Net.Http.HttpRequestException
_HResult=-2146233088
_message=An error occurred while sending the request.
HResult=-2146233088
IsTransient=false
Message=An error occurred while sending the request.
InnerException: System.Net.WebException
_HResult=-2146233079
_message=The request was aborted: Could not create SSL/TLS secure channel.
HResult=-2146233079
IsTransient=false
Message=The request was aborted: Could not create SSL/TLS secure channel.
Source=System
StackTrace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
InnerException:
내가 뭘 잘못 했어? 이 서버에 연결할 수없는 이유 (유효하지 않은 자체 서명 인증서가 있음)
ServerCertificateValidationCallback으로 올바르게 수행하고 있습니다. 이것은 당신이 직면 한 문제가 아닙니다. 현재 직면하고있는 문제는 SSL / TLS 프로토콜 버전 일 가능성이 높습니다.
예를 들어 서버가 SSLv3 및 TLSv10 만 제공하고 클라이언트에 TLSv12가 필요한 경우이 오류 메시지가 표시됩니다. 당신이해야 할 일은 클라이언트와 서버가 공통 프로토콜 버전을 지원하는지 확인하는 것입니다.
가능한 한 많은 서버에 연결할 수있는 클라이언트가 필요할 때 (가능한 한 보안을 유지하기보다는) 다음을 사용합니다 (유효성 확인 콜백 설정과 함께).
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
우리는 오늘 바로 같은 문제를 해결해 왔으며 .NET의 런타임 버전을 높이기 만하면됩니다.
4.5.2는 위의 문제로 작동하지 않았지만 4.6.1은 괜찮 았습니다.
.NET 버전을 유지해야하는 경우
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
여전히이 문제를 겪고있는 사람을위한 후속 조치로 솔루션에 명시된대로 ServicePointManager.SecurityProfile 옵션을 추가했습니다.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
And yet I continued to get the same “The request was aborted: Could not create SSL/TLS secure channel” error. I was attempting to connect to some older voice servers with HTTPS SOAP API interfaces (i.e. voice mail, IP phone systems etc… installed years ago). These only support SSL3 connections as they were last updated years ago.
One would think including SSl3 in the list of SecurityProtocols would do the trick here, but it didn’t. The only way I could force the connection was to include ONLY the Ssl3 protocol and no others:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
Then the connection goes through – seems like a bug to me but this didn’t start throwing errors until recently on tools I provide for these servers that have been out there for years – I believe Microsoft has started rolling out system changes that have updated this behavior to force TLS connections unless there is no other alternative.
Anyway – if you’re still running into this against some old sites/servers, it’s worth giving it a try.
move this line: ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
Before this line: HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
Original post: KB4344167 security update breaks TLS Code
If you are using a new domain name, and you have done all the above and you are still getting the same error, check to see if you clear the DNS cache on your PC. Clear your DNS for more details.
Windows® 8
To clear your DNS cache if you use Windows 8, perform the following steps:
On your keyboard, press Win+X to open the WinX Menu.
Right-click Command Prompt and select Run as Administrator.
Run the following command:
ipconfig /flushdns
If the command succeeds, the system returns the following message:
Windows IP configuration successfully flushed the DNS Resolver Cache.
Windows® 7
To clear your DNS cache if you use Windows 7, perform the following steps:
Click Start.
Enter cmd in the Start menu search text box.
Right-click Command Prompt and select Run as Administrator.
Run the following command:
ipconfig /flushdns
If the command succeeds, the system returns the following message: Windows IP configuration successfully flushed the DNS Resolver Cache.
I came across this thread because I also had the error Could not create SSL/TLS secure channel. In my case, I was attempting to access a Siebel configuration REST API from PowerShell using Invoke-RestMethod
, and none of the suggestions above helped.
Eventually I stumbled across the cause of my problem: the server I was contacting required client certificate authentication.
To make the calls work, I had to provide the client certificate (including the private key) with the -Certificate
parameter:
$Pwd = 'certificatepassword'
$Pfx = New-Object -TypeName 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$Pfx.Import('clientcert.p12', $Pwd, 'Exportable,PersistKeySet')
Invoke-RestMethod -Uri 'https://your.rest.host/api/' -Certificate $Pfx -OtherParam ...
Hopefully my experience might help someone else who has my particular flavour of this problem.
'Programing' 카테고리의 다른 글
KitKat 용 Android 5.0 머티리얼 디자인 스타일 탐색 창 (0) | 2020.11.30 |
---|---|
scikit-learn에서 계층화 된 기차 / 테스트 분할 (0) | 2020.11.30 |
다트에서 이중 점 (.) 사용을 나열 하시겠습니까? (0) | 2020.11.30 |
정수를 확인하는 SQL LIKE 조건? (0) | 2020.11.30 |
문자열에서 모든 특수 문자를 제거하는 정규식? (0) | 2020.11.30 |