如何解决C#tls1.3异常:无法联系本地安全机构
根据.NET 5.0和TLS 1.3 support will also be added to .NET beginning with version 5.0最终发布了Microsoft is planning to add TLS 1.3 support to the .NET framework with the arrival of .NET 5.0,tls1.3在.NET 5.0项目中工作。
因此,我创建了一个测试“控制台应用程序(.NET Core)”项目。 然后我将此项目定位到.net5.0 添加测试代码
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace TestSsl {
class Program {
static void Main(string[] args) {
object locker = new object();
SslProtocols protocol = SslProtocols.Tls13;
Console.WriteLine($"testing SslProtocols.{protocol}");
int port = 1999;
RemoteCertificateValidationCallback certificateValidationCallback = (sender,certificate,chain,sslPolicyErrors) => {
return (true);
};
X509Certificate2 serverCert = new X509Certificate2("server.pfx","testpass123");
X509Certificate2 clientCert = new X509Certificate2("client.pfx","testpass123");
TcpListener server = TcpListener.Create(port);
server.Server.SetSocketOption(SocketOptionLevel.Socket,SocketOptionName.KeepAlive,true);
server.Server.NoDelay = true;
server.Server.SetSocketOption(SocketOptionLevel.IPv6,SocketOptionName.IPv6Only,false);
server.Start();
Task taskServer = Task.Run(() => {
TcpClient romoteClient = server.AcceptTcpClient();
Task.Run(() => {
using(romoteClient) {
using(SslStream sslStreamRomoteClient = new SslStream(romoteClient.GetStream(),false,certificateValidationCallback)) {
try {
sslStreamRomoteClient.AuthenticateAsServer(serverCert,true,protocol,true);
byte[] buf = new byte[1000];
int len = sslStreamRomoteClient.Read(buf,buf.Length);
string receive = Encoding.UTF8.GetString(buf,len);
Console.WriteLine($"server receive:{receive}");
sslStreamRomoteClient.Write(Encoding.UTF8.GetBytes("Ok"));
Console.WriteLine($"server send:Ok");
} catch(Exception ex) {
lock(locker) {
Console.WriteLine("======Server Exception==========================");
Console.WriteLine(ex);
}
}
}
}
}).Wait();
});
Task taskClient = Task.Run(() => {
try {
using(TcpClient client = new TcpClient()) {
client.Connect("127.0.0.1",port);
using(SslStream sslStreamClient = new SslStream(client.GetStream(),certificateValidationCallback)) {
sslStreamClient.AuthenticateAsClient("127.0.0.1",new X509CertificateCollection() { clientCert },true);
string send = "hi,i am testing tls";
sslStreamClient.Write(Encoding.UTF8.GetBytes(send));
Console.WriteLine($"client send:{send}");
byte[] buf = new byte[1000];
int len = sslStreamClient.Read(buf);
string receive = Encoding.UTF8.GetString(buf,len);
Console.WriteLine($"client receive:{receive}");
}
}
} catch(Exception ex) {
lock(locker) {
Console.WriteLine("======Client Exception==========================");
Console.WriteLine(ex);
}
}
});
Task.WaitAll(taskClient,taskServer);
}
}
}
根据how to enable TLS 1.3 in windows 10,我之前已在regedit中启用TLS 1.3
我的Windows版本
我如何创建这些pfx证书
CRTPASS="testpass123"
CRTNAME="server"
SUBJECT="/C=DE/ST=test/L=test/O=test GmbH/OU=test/CN=test[${CRTNAME}]/emailAddress=test@test.de"
rm -f ${CRTNAME}.key ${CRTNAME}.csr ${CRTNAME}.crt ${CRTNAME}.pfx
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 -aes-256-cbc -des3 -pass pass:${CRTPASS} -out ${CRTNAME}.key
openssl req -new -sha384 -subj "${SUBJECT}" -key ${CRTNAME}.key -out ${CRTNAME}.csr
openssl x509 -req -days 3650 -signkey ${CRTNAME}.key -in ${CRTNAME}.csr -out ${CRTNAME}.crt
openssl pkcs12 -export -out ${CRTNAME}.pfx -inkey ${CRTNAME}.key -in ${CRTNAME}.crt
openssl x509 -text -in ${CRTNAME}.crt
CRTNAME="client"
SUBJECT="/C=DE/ST=Westerstede/L=Westerstede/O=test GmbH/OU=test/CN=test[${CRTNAME}]/emailAddress=test@test.de"
rm -f ${CRTNAME}.key ${CRTNAME}.csr ${CRTNAME}.crt ${CRTNAME}.pfx
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 -aes-256-cbc -des3 -pass pass:${CRTPASS} -out ${CRTNAME}.key
openssl req -new -sha384 -subj "${SUBJECT}" -key ${CRTNAME}.key -out ${CRTNAME}.csr
openssl x509 -req -days 3650 -signkey ${CRTNAME}.key -in ${CRTNAME}.csr -out ${CRTNAME}.crt
openssl pkcs12 -export -out ${CRTNAME}.pfx -inkey ${CRTNAME}.key -in ${CRTNAME}.crt
openssl x509 -text -in ${CRTNAME}.crt
在我针对“ .NET Core 3.1”的“控制台应用程序(.NET Core)”中测试similar codes之前,发生了“无法确定帧大小或接收到损坏的帧”的异常>
我想知道:
1,.NET 5.0是否已经支持tls1.3?
2,此异常是否可能是因为我的pfx证书问题?
3,Windows 10是否支持tls1.3?如果没有,什么时候呢?我找不到官方计划。
4,在当前情况下如何在UWP项目中使用tls1.3?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。