請求被中止：無法創建SSL/TLS安全通道

我的客戶已通知我有關SSL和Internet Explorer的問題。他們表示，他們在訪問URL時遇到了信任問題。請求被中止：無法創建SSL/TLS安全通道

我正在通過HTTPS訪問JSON。該網站坐落在一臺服務器上，我正在使用本地計算機上的控制檯應用程序。我試圖繞過SSL證書，但是，我的代碼仍然失敗。

我可以改變HttpWebRequest來解決這個問題嗎？

// You must change the URL to point to your Web server. 
     HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url); 
     req.Method = "GET"; 
     req.AllowAutoRedirect = true; 

     // allows for validation of SSL conversations 
     ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; 


     WebResponse respon = req.GetResponse(); 
     Stream res = respon.GetResponseStream(); 

     string ret = ""; 
     byte[] buffer = new byte[1048]; 
     int read = 0; 
     while ((read = res.Read(buffer, 0, buffer.Length)) > 0) 
     { 
      //Console.Write(Encoding.ASCII.GetString(buffer, 0, read)); 
      ret += Encoding.ASCII.GetString(buffer, 0, read); 
     } 
     return ret;

來源

2012-05-30 Joseph Anderson

是否使用自簽名證書允許您檢查您的客戶端證書？ –

不，客戶說Comodo。 –

[該請求被中止：無法創建SSL/TLS安全通道]（https://stackoverflow.com/questions/2859790/the-request-was-aborted-could-not-create-ssl-tls-安全通道） –

我能使用此代碼記錄：

http://blogs.msdn.com/b/dgorti/archive/2005/09/18/471003.aspx

日誌是在bin/debug文件夾（我是在調試模式下爲我的控制檯應用程序）。您需要將安全協議類型添加爲SSL 3

我收到日誌中的算法不匹配。這是我的新代碼：

 // You must change the URL to point to your Web server. 
     HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url); 
     req.Method = "GET"; 
     ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; 


     // Skip validation of SSL/TLS certificate 
     ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; 


     WebResponse respon = req.GetResponse(); 
     Stream res = respon.GetResponseStream(); 

     string ret = ""; 
     byte[] buffer = new byte[1048]; 
     int read = 0; 
     while ((read = res.Read(buffer, 0, buffer.Length)) > 0) 
     { 
      Console.Write(Encoding.ASCII.GetString(buffer, 0, read)); 
      ret += Encoding.ASCII.GetString(buffer, 0, read); 
     } 
     return ret;

來源

2012-05-31 16:09:36

需要提及的是，在SSLv3上發現了一個bug（http://security.stackexchange.com/a/70724），大多數實現將不再允許它。您應該使用'SecurityProtocolType.Tls12'來代替。 – douglaslps

注意，使用這種解決方案意味着* *任何服務器證書將視爲有效接受（因爲'ServerCertificateValidationCallback'總是返回true） –

這可能是由一些事情引起的（最有可能最有可能）：

服務器的SSL證書是不可信

我使用此代碼得到這個錯誤客戶。最簡單的檢查就是將瀏覽器指向URL並查看是否獲得SSL鎖定圖標。如果你得到一個鎖壞了，圖標，點擊它，看看有什麼問題是：
1. 過期日期 - 獲得一個新的SSL證書
2. 名稱不匹配 - 請確保您的網址使用相同的服務器名稱作爲證書。
3. 未由受信任的授權機構簽署 - 從授權機構（如Verisign）購買證書，或將證書添加到客戶端的受信任證書庫中。
4. 在測試環境中，您可以更新證書驗證程序以跳過訪問檢查。不要在生產中這樣做。
服務器要求客戶端SSL證書 - 在這種情況下，您將不得不更新您的代碼以使用客戶端證書對請求進行簽名。

來源

2012-05-30 20:43:30

除了最後一點，一切都很好。客戶端證書不用於簽署請求，它在握手中提供，因此需要在連接打開之前將其提供給傳輸。如何在Javascript中完成這項工作留給讀者練習;-) – EJP

如何使用客戶端證書籤名？我添加了ServicePointManager.ServerCertificateValidationCallback = delegate {return true; }，但它仍然給我錯誤。 –

您的評論「需要客戶端SSL證書」幫助我查看了我發送的實際證書....以及我的新問題。現在是「呃」時刻，但現在幾個小時前！ Thx – granadaCoder

105

我不得不啓用其它安全協議版本來解決此問題：

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls 
     | SecurityProtocolType.Tls11 
     | SecurityProtocolType.Tls12 
     | SecurityProtocolType.Ssl3;

來源

2014-11-05 16:37:11 glm

失去2天意識到這一點，反編譯HttpWebRequest類，但是隻有切換到TLS幫助。 –

高超的回答+1 – Hitesh

烏夫，我幾乎失去了我的想法！這是失蹤的一塊！ – jsicary

請參閱以下鏈接一次。 SecurityProtocolType.SsL3現在是舊的。

http://codemust.com/poodle-vulnerability-fix-openssl/

來源

2014-11-24 09:07:11

問題在2歲以上，我敢肯定他們現在知道SSL3是不安全的。 – Lankymart

到an existing answer但在PowerShell中類似：

[System.Net.ServicePointManager]::SecurityProtocol = ` 
[System.Net.SecurityProtocolType]::Tls11 -bor 
[System.Net.SecurityProtocolType]::Tls12 -bor ` 
[System.Net.SecurityProtocolType]::Tls -bor ` 
[System.Net.SecurityProtocolType]::Ssl3

然後調用調用-的WebRequest應該工作。

得到這個匿名反饋意見，好建議：寫更簡單的方法，這將是：

[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")

通過Jaykul發現這個夢幻般的和相關的帖子：Validating Self-Signed Certificates From .Net and PowerShell

來源

2016-02-17 21:12:19

答案依賴於你如何排序他們，並默認情況下，他們有多少票。考慮引用其作者的其他答案。 – Litty

woot謝謝你的這篇文章......我很困惑如何設置協議類型。 –

我發現證書的類型也發揮作用。

我有一個證書，這是：

（以下產量爲MMC，證書屬性）

數字簽名，密鑰加密（A0）

（以下輸出是從我的C＃下面的代碼）

X509Extension.X509KeyUsageExtension.KeyUsages = 'KeyEncipherment，的DigitalSignature' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature = '真' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment = '真' X509KeyUsageExtension.KeyUsages.X509KeyU sageFlags.None = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation = '假'

上面沒有不工作。

===============================

然後與另一證書：

（該下面的輸出是在MMC卡，證書屬性）

證書籤名，脫機CRL簽名，CRL簽名（06）

（以下輸出是從下面我的C＃代碼）

X509Extension.X509KeyUsageExtension.KeyUsages = 'CrlSign，KeyCertSign' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign = '真 ' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment =' 假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly =」假」 X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement = 'FALSE' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags。KeyCertSign = '真 ' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment =' 假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None = '假' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation = '假'

，它沒有工作

下面的代碼將

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Security.Cryptography; 
using System.Security.Cryptography.X509Certificates; 
using System.Text; 

namespace MyNamespace 
{ 
    public static class SecurityShower 
    { 
     public static void ShowHttpWebRequest(System.Net.HttpWebRequest hwr) 
     { 
      StringBuilder sb = new StringBuilder(); 
      if (null != hwr) 
      { 
       sb.Append("-----------------------------------------------HttpWebRequest" + System.Environment.NewLine); 
       sb.Append(string.Format("HttpWebRequest.Address.AbsolutePath='{0}'", hwr.Address.AbsolutePath) + System.Environment.NewLine); 
       sb.Append(string.Format("HttpWebRequest.Address.AbsoluteUri='{0}'", hwr.Address.AbsoluteUri) + System.Environment.NewLine); 
       sb.Append(string.Format("HttpWebRequest.Address='{0}'", hwr.Address) + System.Environment.NewLine); 

       sb.Append(string.Format("HttpWebRequest.RequestUri.AbsolutePath='{0}'", hwr.RequestUri.AbsolutePath) + System.Environment.NewLine); 
       sb.Append(string.Format("HttpWebRequest.RequestUri.AbsoluteUri='{0}'", hwr.RequestUri.AbsoluteUri) + System.Environment.NewLine); 
       sb.Append(string.Format("HttpWebRequest.RequestUri='{0}'", hwr.RequestUri) + System.Environment.NewLine); 

       foreach (X509Certificate cert in hwr.ClientCertificates) 
       { 
        sb.Append("START*************************************************"); 
        ShowX509Certificate(sb, cert); 
        sb.Append("END*************************************************"); 
       } 
      } 

      string result = sb.ToString(); 
      Console.WriteLine(result); 
     } 

     public static void ShowCertAndChain(X509Certificate2 cert) 
     { 
      X509Chain chain = new X509Chain(); 
      chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain; 
      chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline; 
      chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; 

      ////chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown && 
      ////X509VerificationFlags.IgnoreRootRevocationUnknown && 
      ////X509VerificationFlags.IgnoreEndRevocationUnknown && 
      ////X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown && 
      ////X509VerificationFlags.IgnoreCtlNotTimeValid; 

      chain.Build(cert); 

      ShowCertAndChain(cert, chain); 
     } 

     public static void ShowCertAndChain(X509Certificate cert, X509Chain chain) 
     { 
      StringBuilder sb = new StringBuilder(); 
      if (null != cert) 
      { 
       ShowX509Certificate(sb, cert); 
      } 

      if (null != chain) 
      { 
       sb.Append("-X509Chain(Start)-" + System.Environment.NewLine); 
       ////sb.Append(string.Format("Cert.ChainStatus='{0}'", string.Join(",", chain.ChainStatus.ToList())) + System.Environment.NewLine); 

       foreach (X509ChainStatus cstat in chain.ChainStatus) 
       { 
        sb.Append(string.Format("X509ChainStatus::'{0}'-'{1}'", cstat.Status.ToString(), cstat.StatusInformation) + System.Environment.NewLine); 
       } 

       X509ChainElementCollection ces = chain.ChainElements; 
       ShowX509ChainElementCollection(sb, ces); 
       sb.Append("-X509Chain(End)-" + System.Environment.NewLine); 
      } 

      string result = sb.ToString(); 
      Console.WriteLine(result); 
     } 

     private static void ShowX509Extension(StringBuilder sb, int x509ExtensionCount, X509Extension ext) 
     { 
      sb.Append(string.Empty + System.Environment.NewLine); 
      sb.Append(string.Format("--------X509ExtensionNumber(Start):{0}", x509ExtensionCount) + System.Environment.NewLine); 
      sb.Append(string.Format("X509Extension.Critical='{0}'", ext.Critical) + System.Environment.NewLine); 

      AsnEncodedData asndata = new AsnEncodedData(ext.Oid, ext.RawData); 
      sb.Append(string.Format("Extension type: {0}", ext.Oid.FriendlyName) + System.Environment.NewLine); 
      sb.Append(string.Format("Oid value: {0}", asndata.Oid.Value) + System.Environment.NewLine); 
      sb.Append(string.Format("Raw data length: {0} {1}", asndata.RawData.Length, Environment.NewLine) + System.Environment.NewLine); 
      sb.Append(asndata.Format(true) + System.Environment.NewLine); 

      X509BasicConstraintsExtension basicEx = ext as X509BasicConstraintsExtension; 
      if (null != basicEx) 
      { 
       sb.Append("-X509BasicConstraintsExtension-" + System.Environment.NewLine); 
       sb.Append(string.Format("X509Extension.X509BasicConstraintsExtension.CertificateAuthority='{0}'", basicEx.CertificateAuthority) + System.Environment.NewLine); 
      } 

      X509EnhancedKeyUsageExtension keyEx = ext as X509EnhancedKeyUsageExtension; 
      if (null != keyEx) 
      { 
       sb.Append("-X509EnhancedKeyUsageExtension-" + System.Environment.NewLine); 
       sb.Append(string.Format("X509Extension.X509EnhancedKeyUsageExtension.EnhancedKeyUsages='{0}'", keyEx.EnhancedKeyUsages) + System.Environment.NewLine); 
       foreach (Oid oi in keyEx.EnhancedKeyUsages) 
       { 
        sb.Append(string.Format("------------EnhancedKeyUsages.Oid.FriendlyName='{0}'", oi.FriendlyName) + System.Environment.NewLine); 
        sb.Append(string.Format("------------EnhancedKeyUsages.Oid.Value='{0}'", oi.Value) + System.Environment.NewLine); 
       } 
      } 

      X509KeyUsageExtension usageEx = ext as X509KeyUsageExtension; 
      if (null != usageEx) 
      { 
       sb.Append("-X509KeyUsageExtension-" + System.Environment.NewLine); 
       sb.Append(string.Format("X509Extension.X509KeyUsageExtension.KeyUsages='{0}'", usageEx.KeyUsages) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.CrlSign) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DataEncipherment) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DecipherOnly) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.EncipherOnly) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyAgreement) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyCertSign) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyEncipherment) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.None) != 0) + System.Environment.NewLine); 
       sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation='{0}'", (usageEx.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0) + System.Environment.NewLine); 
      } 

      X509SubjectKeyIdentifierExtension skIdEx = ext as X509SubjectKeyIdentifierExtension; 
      if (null != skIdEx) 
      { 
       sb.Append("-X509SubjectKeyIdentifierExtension-" + System.Environment.NewLine); 
       sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.Oid='{0}'", skIdEx.Oid) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.SubjectKeyIdentifier='{0}'", skIdEx.SubjectKeyIdentifier) + System.Environment.NewLine); 
      } 

      sb.Append(string.Format("--------X509ExtensionNumber(End):{0}", x509ExtensionCount) + System.Environment.NewLine); 
     } 

     private static void ShowX509Extensions(StringBuilder sb, string cert2SubjectName, X509ExtensionCollection extColl) 
     { 
      int x509ExtensionCount = 0; 
      sb.Append(string.Format("--------ShowX509Extensions(Start):for:{0}", cert2SubjectName) + System.Environment.NewLine); 
      foreach (X509Extension ext in extColl) 
      { 
       ShowX509Extension(sb, ++x509ExtensionCount, ext); 
      } 

      sb.Append(string.Format("--------ShowX509Extensions(End):for:{0}", cert2SubjectName) + System.Environment.NewLine); 
     } 

     private static void ShowX509Certificate2(StringBuilder sb, X509Certificate2 cert2) 
     { 
      if (null != cert2) 
      { 
       sb.Append(string.Format("X509Certificate2.SubjectName.Name='{0}'", cert2.SubjectName.Name) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.Subject='{0}'", cert2.Subject) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.Thumbprint='{0}'", cert2.Thumbprint) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.HasPrivateKey='{0}'", cert2.HasPrivateKey) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.Version='{0}'", cert2.Version) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.NotBefore='{0}'", cert2.NotBefore) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.NotAfter='{0}'", cert2.NotAfter) + System.Environment.NewLine); 
       sb.Append(string.Format("X509Certificate2.PublicKey.Key.KeySize='{0}'", cert2.PublicKey.Key.KeySize) + System.Environment.NewLine); 

       ////List<X509KeyUsageExtension> keyUsageExtensions = cert2.Extensions.OfType<X509KeyUsageExtension>().ToList(); 
       ////List<X509Extension> extensions = cert2.Extensions.OfType<X509Extension>().ToList(); 

       ShowX509Extensions(sb, cert2.Subject, cert2.Extensions); 
      } 
     } 

     private static void ShowX509ChainElementCollection(StringBuilder sb, X509ChainElementCollection ces) 
     { 
      int x509ChainElementCount = 0; 
      foreach (X509ChainElement ce in ces) 
      { 
       sb.Append(string.Empty + System.Environment.NewLine); 
       sb.Append(string.Format("----X509ChainElementNumber:{0}", ++x509ChainElementCount) + System.Environment.NewLine); 
       sb.Append(string.Format("X509ChainElement.Cert.SubjectName.Name='{0}'", ce.Certificate.SubjectName.Name) + System.Environment.NewLine); 
       sb.Append(string.Format("X509ChainElement.Cert.Issuer='{0}'", ce.Certificate.Issuer) + System.Environment.NewLine); 
       sb.Append(string.Format("X509ChainElement.Cert.Thumbprint='{0}'", ce.Certificate.Thumbprint) + System.Environment.NewLine); 
       sb.Append(string.Format("X509ChainElement.Cert.HasPrivateKey='{0}'", ce.Certificate.HasPrivateKey) + System.Environment.NewLine); 

       X509Certificate2 cert2 = ce.Certificate as X509Certificate2; 
       ShowX509Certificate2(sb, cert2); 

       ShowX509Extensions(sb, cert2.Subject, ce.Certificate.Extensions); 
      } 
     } 

     private static void ShowX509Certificate(StringBuilder sb, X509Certificate cert) 
     { 
      sb.Append("-----------------------------------------------" + System.Environment.NewLine); 
      sb.Append(string.Format("Cert.Subject='{0}'", cert.Subject) + System.Environment.NewLine); 
      sb.Append(string.Format("Cert.Issuer='{0}'", cert.Issuer) + System.Environment.NewLine); 

      sb.Append(string.Format("Cert.GetPublicKey().Length='{0}'", cert.GetPublicKey().Length) + System.Environment.NewLine); 

      X509Certificate2 cert2 = cert as X509Certificate2; 
      ShowX509Certificate2(sb, cert2); 
     } 
    } 
}

來源

2017-09-13 17:21:46 granadaCoder

請求被中止：無法創建SSL/TLS安全通道

回答

相關問題