1

.NET 5 对 TLS 进行了重大更改。因此,当我连接到网站(通过HttpClient)并且它不支持 TLS 1.3(这是 .NET5 的默认设置)时,我收到以下错误: Interop+Crypto+OpenSslCryptographicException: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type.

我想知道我是否会 BITOR ServicePointManager.SecurityProtocol: ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls13 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; 它会解决为网络服务器提供正确的密码套件吗?

4

1 回答 1

0

这是关于 github 的讨论:https ://github.com/dotnet/runtime/issues/22507

基于此,这是我的解决方案。我必须阅读大量的 github 讨论以及运行时 repo。

// Windows OS throws PlatformNotSupportedException for explicit list of TlsCipherSuite
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
    services.AddHttpClient("WebsiteCheck"), configureClient =>
    {
        configureClient.Timeout = TimeSpan.FromMinutes(1);
    });
}
else
{
    services.AddHttpClient("WebsiteCheck"), configureClient =>
    {
        configureClient.Timeout = TimeSpan.FromMinutes(1);
    }).ConfigurePrimaryHttpMessageHandler(() =>
    {
        var allowedCipherSuites = Enum.GetValues<TlsCipherSuite>();

        return new SocketsHttpHandler()
        {
            SslOptions = new()
            {
                CipherSuitesPolicy = new CipherSuitesPolicy(allowedCipherSuites)
            }
        };
    });
}
于 2021-06-17T16:21:27.907 回答