尽管设置了ServerCertificateValidationCallback，但无法创建SSL / TLS安全通道

本文介绍了尽管设置了ServerCertificateValidationCallback，但无法创建SSL / TLS安全通道的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试与使用自签名证书的测试服务器建立SSL / TLS连接。通过不安全通道进行通信没有问题。

I'm trying to establish SSL/TLS connection to test server with self-signed certificate. Communication through unsecure channel worked without issues.

这是我的示例代码，我根据此解决方案编写：

Here is my sample code, which I've written based on this solutions:Allowing Untrusted SSL Certificates with HttpClientC# Ignore certificate errors?.NET client connecting to ssl Web API

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

var c = new HttpClient();
var r = c.GetAsync("https://10.3.0.1:8443/rest/v1").Result;
if (r.IsSuccessStatusCode)
{
    Log.AddMessage(r.Content.Get<string>());
}
else
{
    Log.AddMessage(string.Format("{0} ({1})", (int)r.StatusCode, r.ReasonPhrase));
}

也试过这个：

var handler = new WebRequestHandler();
handler.ServerCertificateValidationCallback = delegate { return true; };
var c = new HttpClient(handler);
...

这个

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

但每次我都有例外：

InnerException: System.Net.Http.HttpRequestException
   _HResult=-2146233088
   _message=An error occurred while sending the request.
   HResult=-2146233088
   IsTransient=false
   Message=An error occurred while sending the request.
   InnerException: System.Net.WebException
        _HResult=-2146233079
        _message=The request was aborted: Could not create SSL/TLS secure channel.
        HResult=-2146233079
        IsTransient=false
        Message=The request was aborted: Could not create SSL/TLS secure channel.
        Source=System
        StackTrace:
             at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
             at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
        InnerException:

我做错了什么？为什么我无法连接到此服务器（具有无效的自签名证书）

What do I do wrong? Why I can't connect to this server (which has invalid-self-signed certificate)

推荐答案

您正在使用ServerCertificateValidationCallback。这不是你面临的问题。您遇到的问题很可能是SSL / TLS协议的版本。

You are doing it right with ServerCertificateValidationCallback. This is not the problem you are facing. The problem you are facing is most likely the version of SSL/TLS protocol.

例如，如果您的服务器仅提供SSLv3和TLSv10，而您的客户端需要TLSv12那么您将收到此错误消息。您需要做的是确保客户端和服务器都支持通用协议版本。

For example, if your server offers only SSLv3 and TLSv10 and your client needs TLSv12 then you will receive this error message. What you need to do is to make sure that both client and server have a common protocol version supported.

当我需要一个能够连接到多个服务器的客户端时尽可能（而不是尽可能安全）我使用它（连同设置验证回调）：

When I need a client that is able to connect to as many servers as possible (rather than to be as secure as possible) I use this (together with setting the validation callback):

  ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

这篇关于尽管设置了ServerCertificateValidationCallback，但无法创建SSL / TLS安全通道的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！