
.NET 5.0 终于发布了。根据《TLS 1.3 支持也将从 5.0 版开始添加到 .NET 中》和《Microsoft 计划随着 .NET 5.0 的到来将 TLS 1.3 支持添加到 .NET 框架中》这两篇文章,TLS 1.3 应该可以在 .NET 5.0 项目中工作。

所以我创建了一个用于测试的“控制台应用程序(.NET Core)”项目(截图),然后把该项目的目标框架设为 .NET 5.0(截图),并添加了以下测试代码:

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

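namespace TestSsl {
    /// <summary>
    /// Loopback smoke test for a mutually authenticated TLS handshake: a listener and a
    /// client run in the same process, each presenting a self-signed certificate loaded
    /// from a PFX file, and exchange one short message over <see cref="SslStream"/>.
    /// </summary>
    class Program {
        // Throwaway password for the self-signed test PFX files only. A real key store
        // password must come from a secret store or the environment, never from source.
        const string PfxPassword = "testpass123";

        /// <summary>
        /// Runs the server and client halves concurrently and waits for both to finish.
        /// Handshake or I/O failures are printed, not rethrown.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args) {
            object locker = new object();
            SslProtocols protocol = SslProtocols.Tls13;
            Console.WriteLine($"testing SslProtocols.{protocol}");
            int port = 1999;

            // X509Certificate2 holds native key handles, so dispose both when the test ends.
            using(X509Certificate2 serverCert = new X509Certificate2("server.pfx", PfxPassword))
            using(X509Certificate2 clientCert = new X509Certificate2("client.pfx", PfxPassword)) {
                // A callback that returns true unconditionally turns peer authentication off:
                // any certificate, or none at all, would be accepted. The test certificates are
                // self-signed and their CN does not match "127.0.0.1", so chain validation
                // cannot succeed here; each side pins the exact certificate it expects instead.
                RemoteCertificateValidationCallback expectClientCert = PinTo(clientCert);
                RemoteCertificateValidationCallback expectServerCert = PinTo(serverCert);

                TcpListener server = TcpListener.Create(port);
                server.Server.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.KeepAlive, true);
                server.Server.NoDelay = true;
                server.Server.SetSocketOption(SocketOptionLevel.IPv6, SocketOptionName.IPv6Only, false);
                server.Start();
                try {
                    Task taskServer = Task.Run(() => {
                        try {
                            using(TcpClient remoteClient = server.AcceptTcpClient())
                            using(SslStream sslStreamRemoteClient = new SslStream(remoteClient.GetStream(), false, expectClientCert)) {
                                // clientCertificateRequired = true: the client must present a certificate,
                                // which the pinning callback then compares with client.pfx.
                                sslStreamRemoteClient.AuthenticateAsServer(serverCert, true, protocol, true);
                                byte[] buf = new byte[1000];
                                // One Read may return less than was sent; fine for this tiny message,
                                // but real protocol code needs explicit framing.
                                int len = sslStreamRemoteClient.Read(buf, 0, buf.Length);
                                string receive = Encoding.UTF8.GetString(buf, 0, len);
                                Console.WriteLine($"server receive:{receive}");
                                sslStreamRemoteClient.Write(Encoding.UTF8.GetBytes("Ok"));
                                Console.WriteLine($"server send:Ok");
                            }
                        } catch(Exception ex) {
                            // Serialize the two-line report so server and client output do not interleave.
                            lock(locker) {
                                Console.WriteLine("======Server Exception==========================");
                                Console.WriteLine(ex);
                            }
                        }
                    });
                    Task taskClient = Task.Run(() => {
                        try {
                            using(TcpClient client = new TcpClient()) {
                                client.Connect("127.0.0.1", port);
                                using(SslStream sslStreamClient = new SslStream(client.GetStream(), false, expectServerCert)) {
                                    sslStreamClient.AuthenticateAsClient("127.0.0.1", new X509CertificateCollection() { clientCert }, protocol, true);
                                    string send = "hi, i am testing tls";
                                    sslStreamClient.Write(Encoding.UTF8.GetBytes(send));
                                    Console.WriteLine($"client send:{send}");
                                    byte[] buf = new byte[1000];
                                    int len = sslStreamClient.Read(buf);
                                    string receive = Encoding.UTF8.GetString(buf, 0, len);
                                    Console.WriteLine($"client receive:{receive}");
                                }
                            }
                        } catch(Exception ex) {
                            lock(locker) {
                                Console.WriteLine("======Client Exception==========================");
                                Console.WriteLine(ex);
                            }
                        }
                    });
                    Task.WaitAll(taskClient, taskServer);
                } finally {
                    // Release the listening socket even when one of the tasks faulted.
                    server.Stop();
                }
            }
        }

        /// <summary>
        /// Builds a validation callback that accepts the peer only when it presents exactly
        /// <paramref name="expected"/>, compared by SHA-256 hash of the encoded certificate.
        /// </summary>
        /// <param name="expected">The certificate the remote side is required to present.</param>
        /// <returns>A callback that rejects a missing certificate and any other certificate.</returns>
        static RemoteCertificateValidationCallback PinTo(X509Certificate2 expected) {
            string expectedHash = expected.GetCertHashString(HashAlgorithmName.SHA256);
            // sslPolicyErrors is deliberately not consulted: a self-signed test certificate always
            // reports chain errors, and the exact-match pin is the trust decision for this test.
            return (sender, certificate, chain, sslPolicyErrors) =>
                certificate != null
                && string.Equals(certificate.GetCertHashString(HashAlgorithmName.SHA256), expectedHash, StringComparison.OrdinalIgnoreCase);
        }
    }
}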

调试结果 在此处输入图像描述

我的VS2019版 在此处输入图像描述

按照《如何在 Windows 10 中启用 TLS 1.3》的说明,我之前已经通过注册表编辑器(regedit)启用了 TLS 1.3:(截图)

在此处输入图像描述

我的windows版本

在此处输入图像描述

我是如何创建这些 pfx 证书的

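# Throwaway password for the self-signed test certificates only; it must match the
# password the test program uses to open the .pfx files. Exported so openssl can read
# it through "env:CRTPASS" rather than "pass:...", which would put the password on the
# command line where other local users can see it in the process list.
export CRTPASS="testpass123"

# make_self_signed_pfx NAME SUBJECT
# Creates NAME.key (encrypted RSA-4096 key), NAME.csr, a self-signed NAME.crt valid for
# 3650 days and NAME.pfx, then prints the certificate. Runs in a subshell so the
# restrictive umask stays local; steps are chained with && so a failed step stops the rest.
make_self_signed_pfx() (
    name="$1"
    subject="$2"
    # Key material should not be readable by other users, even though it is encrypted.
    umask 077
    rm -f "${name}.key" "${name}.csr" "${name}.crt" "${name}.pfx"
    # The original passed both -aes-256-cbc and -des3; only one key-encryption cipher
    # can apply, so keep AES-256 and drop the legacy 3DES option.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 -aes-256-cbc -pass env:CRTPASS -out "${name}.key" &&
    # -passin lets the following steps open the encrypted key without prompting.
    openssl req -new -sha384 -subj "${subject}" -key "${name}.key" -passin env:CRTPASS -out "${name}.csr" &&
    openssl x509 -req -days 3650 -signkey "${name}.key" -passin env:CRTPASS -in "${name}.csr" -out "${name}.crt" &&
    # -passout sets the export password explicitly so it matches what the test program uses.
    openssl pkcs12 -export -out "${name}.pfx" -inkey "${name}.key" -in "${name}.crt" -passin env:CRTPASS -passout env:CRTPASS &&
    openssl x509 -text -in "${name}.crt"
)

make_self_signed_pfx "server" "/C=DE/ST=test/L=test/O=test GmbH/OU=test/CN=test[server]/emailAddress=test@test.de"

make_self_signed_pfx "client" "/C=DE/ST=Westerstede/L=Westerstede/O=test GmbH/OU=test/CN=test[client]/emailAddress=test@test.de"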

在此之前,我在目标为“.NET Core 3.1”的“控制台应用程序(.NET Core)”中测试过类似的代码,当时抛出了异常“无法确定帧大小或收到损坏的帧”(Cannot determine the frame size or a corrupted frame was received)。

我想知道:

1、.NET 5.0 是否已经支持 tls1.3?

2、这个异常是否可能是由我的 pfx 证书引起的?

3、windows 10是否支持tls1.3?如果没有,什么时候?我找不到官方计划。

4、目前情况下如何在 UWP 项目中使用 tls1.3?
