已经使用Tls12还是报错The request was aborted: Could not create SSL/TLS secure channel

Go 旅城通票 2018-08-15 09:59:16
加精 
 <%@ WebHandler Language="C#" Class="data" %>



using System;

using System.Web;

using System.Net;

using System.Text;

using System.Net.Security;

using System.IO;

public class data : IHttpHandler

{

    public void ProcessRequest(HttpContext context)

    {

        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback((a,b,c,d) => { return true; });

        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;



        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://smdc.com/properties");





        HttpWebResponse response = (HttpWebResponse)request.GetResponse();

        StreamReader srd = new StreamReader(response.GetResponseStream(), Encoding.UTF8);

        string html = srd.ReadToEnd();

        srd.Close();



        response.Close();

        request.Abort();



        context.Response.Write(html);

    }



    public bool IsReusable {

        get {

            return false;

        }

    }



}

上面简单的爬虫代码,在window10下可以正常获取html并输出,但是在window7或者window 2008下就出现下面的错误


The request was aborted: Could not create SSL/TLS secure channel.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

Source Error:
Line 17:
Line 18:
Line 19: HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Line 20: StreamReader srd = new StreamReader(response.GetResponseStream(), Encoding.UTF8);
Line 21: string html = srd.ReadToEnd();

是window7缺少什么?

示例网站https://smdc.com/properties使用的加密算法是下面的,win7会出错




win7如果访问的是下面2种的不会出错


https://ask.csdn.net/




是win7缺少什么证书之类的吗?
...全文
6951 12 打赏 收藏 转发到动态 举报
写回复
用AI写文章
12 条回复
切换为时间正序
请发表友善的回复…
发表回复
+Q1062037521 2018-08-21
  • 打赏
  • 举报
 回复
看了window10有TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384这个算法。。看来win7得想办法添加才行了。。先安装window10解决问题先了。。
0 0
coldfire999 2018-08-18
  • 打赏
  • 举报
 回复
upupupupup
Go 旅城通票 2018-08-18
  • 打赏
  • 举报
 回复
引用 10 楼 youbl 的回复:
你Wireshark抓包过滤器设置不对吧?只看到你的机器发过去的包,没看到响应的包,
应该是目标机 和 源机都要设置:
ip dst host 174.138.16.29 || ip src host 174.138.16.29

另外从myssl站点检测结果,他那个站点只支持TLS1.2和下面3个加密套件:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030) 256 bits FS
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9F) 256 bits FS
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028) 256 bits FS

你只能想办法在本机看看怎么添加了


看了window10有TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384这个算法。。看来win7得想办法添加才行了。。先安装window10解决问题先了。。
shen_wei 2018-08-17
  • 打赏
  • 举报
 回复
Go 旅城通票 2018-08-17
  • 打赏
  • 举报
 回复
上面是我电脑的,和他的TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384不匹配。。

以为framework版本问题,但是最新的4.7已经安装了,4.6.2也是安装过的

Wireshark抓包数据下面,hello后就没下文了。。

Frame 77: 204 bytes on wire (1632 bits), 204 bytes captured (1632 bits) on interface 0
Interface id: 0 (\Device\NPF_{3760328A-C444-47C6-B7B8-7C9E41E71D16})
Encapsulation type: Ethernet (1)
Arrival Time: Aug 17, 2018 11:42:24.186546000 �й���׼ʱ��
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1534477344.186546000 seconds
[Time delta from previous captured frame: 0.004361000 seconds]
[Time delta from previous displayed frame: 0.004361000 seconds]
[Time since reference or first frame: 11.973351000 seconds]
Frame Number: 77
Frame Length: 204 bytes (1632 bits)
Capture Length: 204 bytes (1632 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Elitegro_80:68:8f (00:25:11:80:68:8f), Dst: 78:44:fd:69:c7:50 (78:44:fd:69:c7:50)
Destination: 78:44:fd:69:c7:50 (78:44:fd:69:c7:50)
Address: 78:44:fd:69:c7:50 (78:44:fd:69:c7:50)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Elitegro_80:68:8f (00:25:11:80:68:8f)
Address: Elitegro_80:68:8f (00:25:11:80:68:8f)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.68, Dst: 174.138.16.29
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 190
Identification: 0x5ff7 (24567)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x59af [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.1.68
Destination: 174.138.16.29
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 1554, Dst Port: 443, Seq: 1, Ack: 1, Len: 150
Source Port: 1554
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 150]
Sequence number: 1 (relative sequence number)
[Next sequence number: 151 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window size value: 16500
[Calculated window size: 66000]
[Window size scaling factor: 4]
Checksum: 0xb359 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
[SEQ/ACK analysis]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 145
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 141
Version: TLS 1.2 (0x0303)
Random
Session ID Length: 0
Cipher Suites Length: 42
Cipher Suites (21 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 58
Extension: renegotiation_info
Extension: server_name
Extension: elliptic_curves
Extension: ec_point_formats
Extension: signature_algorithms

Go 旅城通票 2018-08-17
  • 打赏
  • 举报
 回复
确定安全套接字层(SSL)使用的密码套件。

如果启用此设置,则 SSL 密码套件将按指定的顺序进行排列。

如果禁用或不配置此设置,则将使用出厂默认密码套件顺序。

SSL2、SSL3、TLS 1.0 和 TLS 1.1 密码套件:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5

TLS 1.2 SHA256 和 SHA384 密码套件:

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256

TLS 1.2 ECC GCM 密码套件:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521


如何修改此设置:

1. 打开一个空白写字板文档。

2. 复制可用套件的列表并将其粘贴到该文档中。

3. 按正确顺序排列套件;删除不想使用的所有套件。

4. 在每个套件名称的末尾键入一个逗号(最后一个套件名称除外)。确保没有嵌入空格。

5. 删除所有换行符,以便密码套件名称位于单独的一个长行上。

6. 将密码套件行复制到剪贴板,然后将其粘贴到编辑框中。最大长度为 1023 个字符。

Go 旅城通票 2018-08-17
  • 打赏
  • 举报
 回复
引用 5 楼 youbl 的回复:
参考这个,看看你自己机器支持的加密套件清单:
https://blog.csdn.net/pijianzhirui/article/details/70198695

另外,看这个测试结果: https://myssl.com/smdc.com?domain=smdc.com&status=q
Win7加IE11是正常的,你可以安装一个IE11,看看会不会改变。

。。。。和他的不一样。。。晕死。。。

游北亮 2018-08-17
  • 打赏
  • 举报
 回复
参考这个,看看你自己机器支持的加密套件清单:
https://blog.csdn.net/pijianzhirui/article/details/70198695

另外,看这个测试结果: https://myssl.com/smdc.com?domain=smdc.com&status=q
Win7加IE11是正常的,你可以安装一个IE11,看看会不会改变。
游北亮 2018-08-17
  • 打赏
  • 举报
 回复
https://smdc.com
刚刚测试了一下这个站点:https://myssl.com/smdc.com?domain=smdc.com&status=q
只支持TLS1.2和sha384,这么奇怪的站点!
我们都是在服务器上添加不同加密算法的支持来解决问题,

另外,我在Server2012上验证你的代码是没问题的,
走TLS1.2协议,客户端发Client Hello握手包时,会把自己支持的加密算法列表Cipher Suites 发给服务器,
服务器会正常返回 Server Hello握手包,并显式选择Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)

没有Win7环境验证,按你说的,估计是Win7环境不支持这个算法,
不过还是建议你用Wireshark抓包确认下,是不是Win7发的Client Hello包里没有SHA384
游北亮 2018-08-17
  • 打赏
  • 举报
 回复
你Wireshark抓包过滤器设置不对吧?只看到你的机器发过去的包,没看到响应的包,
应该是目标机 和 源机都要设置:
ip dst host 174.138.16.29 || ip src host 174.138.16.29

另外从myssl站点检测结果,他那个站点只支持TLS1.2和下面3个加密套件:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030) 256 bits FS
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9F) 256 bits FS
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028) 256 bits FS

你只能想办法在本机看看怎么添加了
Go 旅城通票 2018-08-16
  • 打赏
  • 举报
 回复
引用 1 楼 youbl 的回复:
用wireshark抓包,看下在握手的哪个环节出错的,我之前用Winxp也是访问 https 出错,抓包发现是握手时加密算法不一致导致的问题。

也可以用这个网站验证一下你请求的https站点,支持的加密算法:
https://myssl.com/www.sohu.com?domain=www.sohu.com&status=q

多谢回答

现在猜测是加密算法不一致导致的,不懂window7下具体要安装什么补丁asp.net才能解决这个问题。应该是window7下使用asp.net时不支持sha384,因为更新关闭了,不想全部打补丁一遍,全部打补丁还不如直接安装window10可能还快点

firefox48也是打不开这个网址,提示没有双方共用的加密算法,升级firefox到58就可以打开了,应该增加了sha384的支持

现在就是不懂window7要安装什么补丁,是asp.net能支持sha384,sha256加密的,如问答和论坛用上面的测试代码就能访问正常下载html不报错

但是访问https://smdc.com/就不行了,这个网址用的sha384

window10下上面的代码没有问题
游北亮 2018-08-16
  • 打赏
  • 举报
 回复
用wireshark抓包,看下在握手的哪个环节出错的,我之前用Winxp也是访问 https 出错,抓包发现是握手时加密算法不一致导致的问题。

也可以用这个网站验证一下你请求的https站点,支持的加密算法:
https://myssl.com/www.sohu.com?domain=www.sohu.com&status=q
The request was aborted: Could not create SSL/TLS secure channel 解决办法
在本地运行,什么事都没有,发布到服务器上死活就是请求不成功。The request was aborted: Could not create SSL/TLS secure channel”。其实最开始的异常是WebException 详细信息是“UnknowError”。这就比较尴尬了,最开始怀疑是网络问题,后来发现应该不是,还是得找原因。于是,各种加日志,终于暴露了这个误。 我这是webclient进行请求的,因为对方是银行的系统,所以各种证书加密很完善,还有一个PFX的网络证书。于是找到一个
解决无法建立SSL / TLS安全通道(The request was aborted: Could not create SSL/TLS secure channel)的问题
解决无法建立SSL / TLS安全通道(The request was aborted: Could not create SSL/TLS secure channel)的问题,未包含"Tls11"的定义,未包含"Tls12"的定义
VS2013The request was aborted: Could not create SSL/TLS secure channel.
Visual Studio 2013 Nuget(扩展和更新)无法连接网络分析和解决方法A connection to the server could not be established because the following error(s) occurred: The request was aborted: Could not create SSL/TLS secure channel.Please click here to retry the request. 由于出现以下误,无法建立与
解决The request was aborted: Could not create SSL/TLS secure channel.
解决The request was aborted: Could not create SSL/TLS secure channel. HttpWebRequest webRequest = null; HttpWebResponse webResponse = null; try { //webRequest = (System.Net.HttpWebRequest)WebRequest.Create(url); if (url.StartsWith("http
https网站访问第三方https网站时候The request was aborted:Could not create SSL/TLS secure channel....
https网站访问第三方https网站时候The request was aborted:Could not create SSL/TLS secure channel. 解决办法: if(Url.StartsWith("https",StringComparison.OrdinalIgnoreCase))//https请求 { ...
.NET社区

62,101

社区成员

669,025

社区内容

发帖
与我相关
我的任务
社区描述
.NET技术交流专区
javascript云原生 企业社区
社区管理员
  • ASP.NET
  • .Net开发者社区
  • R小R
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告

.NET 社区是一个围绕开源 .NET 的开放、热情、创新、包容的技术社区。社区致力于为广大 .NET 爱好者提供一个良好的知识共享、协同互助的 .NET 技术交流环境。我们尊重不同意见,支持健康理性的辩论和互动,反对歧视和攻击。

希望和大家一起共同营造一个活跃、友好的社区氛围。

试试用AI创作助手写篇文章吧

+ 用AI写文章