在C＃中的OpenSSL.exe s_client相當於我＃

Question

我有一個三星智能交流（熱泵/迷你拆分），並希望做一些自動化。我的Android手機上有一個APP。 通過研究了很多，我發現，我能控制我的交流與OpenSSL.exe這樣的：

openssl.exe s_client -connect 192.168.1.154:2878 

連接已經建立再經過我可以再複製/粘貼：

"<Request Type="AuthToken"><User Token="16968012-2892-M993-N707-3738REMOVED" /></Request>" 
"<Request Type="DeviceControl"><Control CommandID="cmd11111" DUID="7825ADREMOVED"><Attr ID="AC_FUN_POWER" Value="On" /></Control></Request>" 

然後AC打開。

問題是我無法自動執行任務，因爲我必須等待連接已建立，然後複製/粘貼請求。 Openssl.exe似乎沒有采用我可以使用的任何參數。

我已經在Powershell中用Invoke-WebRequest/RestMethod嘗試過，但是我得到了SSL/TLS錯誤。我也嘗試在C＃中，但結果相同。

public static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) 
    { 
     return true; 
    } 
    static void Main(string[] args) 
    { 

     ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); 
     Uri uri = new Uri("https://192.168.1.154:2878"); 
     WebRequest webRequest = WebRequest.Create(uri); 
     WebResponse webResponse = webRequest.GetResponse(); 
     webResponse.GetResponseStream(); 

     Console.Read(); 

    } 

給了我這個錯誤

The request was aborted: Could not create SSL/TLS secure channel. 

因此，大家可以看到我甚至不能只是GET /用C＃連接到AC沒有得到SSL錯誤。

我無法弄清楚'Openssl.exe s_client'的工作原理。任何人都可以啓發我嗎？從OpenSSL的

UPDATE 輸出：

 

    C:\Program Files (x86)\GnuWin32\bin>openssl.exe s_client -connect 192.168.1.154:2878 
    Loading 'screen' into random state - done 
    CONNECTED(0000017C) 
    depth=0 /C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    verify error:num=20:unable to get local issuer certificate 
    verify return:1 
    depth=0 /C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    verify error:num=21:unable to verify the first certificate 
    verify return:1 
    --- 
    Certificate chain 
    0 s:/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
     i:/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    --- 
    Server certificate 
    -----BEGIN CERTIFICATE----- 
    MIIDdDCCAt2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCS1Ix 
    DjAMBgNVBAcTBVN1d29uMRwwGgYDVQQKExNTYW1zdW5nIEVsZWN0cm9uaWNzMRsw 
    GQYDVQQLExJEaWdpdGFsIEFwcGxpY2FuY2UxEDAOBgNVBAMTB2EyODc4NDgxJTAj 
    BgkqhkiG9w0BCQEWFm1vd2Vvbi5sZWVAc2Ftc3VuZy5jb20wHhcNNzAwMTAxMDkw 
    MDE2WhcNNzAwMjAxMDkwMDE2WjCBkTELMAkGA1UEBhMCS1IxDjAMBgNVBAcTBVN1 
    d29uMRwwGgYDVQQKExNTYW1zdW5nIEVsZWN0cm9uaWNzMRswGQYDVQQLExJEaWdp 
    dGFsIEFwcGxpY2FuY2UxEDAOBgNVBAMTB2EyODc4NDgxJTAjBgkqhkiG9w0BCQEW 
    Fm1vd2Vvbi5sZWVAc2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ 
    AoGBANWEclyhZblo3TwG39hFVZK+LHTICEbgWwHQdAx1RwLFvIgsTFlgHu8Hb0fC 
    AN2Wknx5vb0ks355PycY/xlUY6Rmr3eSU34undtt7jE1K0OYeasUOvxpXyBtmSo6 
    72YtDSN6rh3F6SgOKrUVsQFDCJ2V5CQHxKyH5FFwAmcHUbjzAgMBAAGjgdkwgdYw 
    CQYDVR0TBAIwADAkBglghkgBhvhCAQ0EFxYVIlNhbXN1bmcgZWxlY3Ryb25pY3Mi 
    MB0GA1UdDgQWBBTdhKfUKlp5ocnU6K9BF4smWiDPbzBfBgNVHSMEWDBWoUmkRzBF 
    MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 
    ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAvwoLvHnlSoIwCwYDVR0PBAQDAgUgMBYG 
    A1UdEQQPMA2CC3NhbXN1bmcuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHfi+2JxtpvO 
    6MFZReZkXg+GMOt2UEPqFKpeJGCRdCoKnEmvBMUsp8PaopZ6uy/Z3V4FIhP/wcUv 
    fC1+feizmZkzO3ixThJH6zo3edEjZAA7KBj+ecfLYd/PTXkAfIJFM9RlCfAkbbbc 
    gGSDyBpGJ4wJHhB91bjK8qamUw5LJJrY 
    -----END CERTIFICATE----- 
    subject=/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    issuer=/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    --- 
    No client certificate CA names sent 
    --- 
    SSL handshake has read 1212 bytes and written 202 bytes 
    --- 
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA 
    Server public key is 1024 bit 
    Compression: NONE 
    Expansion: NONE 
    SSL-Session: 
     Protocol : TLSv1 
     Cipher : DHE-RSA-AES256-SHA 
     Session-ID: D4576CA26103343877505F0B1726833E7F3C76481EFDEF21B482C4D4FBA 
     Session-ID-ctx: 
     Master-Key: 7609462DC362B422115C370DA282106208842119047CF97F384F3E1B5079AF5CE72A5CF9FA35A41C2D67400672E70CAE 
     Key-Arg : None 
     Start Time: 1498081620 
     Timeout : 300 (sec) 
     Verify return code: 21 (unable to verify the first certificate) 
    --- 
    DRC-1.00 
    

    closed 

Answer 1

你所面臨的問題是最有可能的SSL/TLS協議的版本。

您的回撥是正確的。

如果你的服務器只允許SSLv3和TLSv10，並且你的客戶端需要TLSv12，那麼你將會收到這樣的錯誤。

使它們都使用相同的版本。

使用此：

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; 

注：根據您的協議版本，則相應更改佔位符。