问题描述
我正在开发一个TCP客户端,以使用证书身份验证连接OpenSSL服务器.我正在使用服务器团队共享的.crt和.key文件.这些证书是由OpenSSL命令生成的.
I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands.
我正在使用 SslStream
对象以通过调用 SslStream.AuthenticateAsClient
方法,方法是传递服务器IP
, SslProtocols.Ssl3
和X509CertificateCollection
.
我遇到以下错误:
推荐答案
我建议不要将SecurityProtocol限制为TLS 1.1.
I would advise against restricting the SecurityProtocol to TLS 1.1.
推荐的解决方案是使用
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls
另一个选择是添加以下注册表项:
Another option is add the following Registry key:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
值得注意的是,.NET 4.6默认情况下将使用正确的协议,并且不需要这两种解决方案.
It is worth noting that .NET 4.6 will use the correct protocol by default and does not require either solution.
这篇关于身份验证失败,因为远程方已关闭传输流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!