无法使用WebClient.DownloadFile方法从启用了TLS 1.1 / 1.2协议的计算机下载文件
我正在尝试使用Webclient.DownloadFile方法通过TLS 1.1 / 1.2协议实现一个简单的控制台应用程序来下载文件。 这是应用程序的代码:
var downloadUrl = "https://serverURL.com/sample.mp3"; var filename = "sample.mp3"; var myWebClient = new WebClient(); myWebClient.DownloadFile(downloadUrl, filename); 每次运行它我都会收到以下错误消息:
Unhandled Exception: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possessa common algorithm at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc) at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential) at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint) at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output) at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.WebClient.DownloadFile(Uri address, String fileName) at System.Net.WebClient.DownloadFile(String address, String fileName) at web_downloader.Program.Main(String[] args) in c:\Users\user\Documents\Visual Studio 2013\Projects\web_downloader\web_downloader\Program.cs:line 27
我有以下设置:web_downloader应用程序位于ServerA (Windows Server 2012 R2 / 64bit)上,其在HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlSet / Control / SecurityProviders / SCHANNEL / Protocols下的注册表项中包含以下内容:
PCT 1.0 --Client ----DisabledByDefault=1 ----Enabled=0 --Server ----DisabledByDefault=1 ----Enabled=0 SSL 2.0 --Client ----DisabledByDefault=1 ----Enabled=0 --Server ----DisabledByDefault=1 ----Enabled=0 SSL 3.0 --Client ----DisabledByDefault=1 ----Enabled=0 --Server ----DisabledByDefault=1 ----Enabled=0 TLS 1.0 --Client ----DisabledByDefault=1 ----Enabled=0 --Server ----DisabledByDefault=1 ----Enabled=0 TLS 1.1 --Client ----DisabledByDefault=0 ----Enabled=1 --Server ----DisabledByDefault=0 ----Enabled=1 TLS 1.2 --Client ----DisabledByDefault=0 ----Enabled=1 --Server ----DisabledByDefault=0 ----Enabled=1
存储sample.mp3文件的ServerB具有以下内容:
SSL 2.0 Client DisabledByDefault=1 TLS 1.1 Client DisabledByDefault=0 Enabled=1 Server DisabledByDefault=0 Enabled=1 TLS 1.2 Client DisabledByDefault=0 Enabled=1 Server DisabledByDefault=0 Enabled=1
一旦我在ServerA上启用TLS 1.0,我就可以从ServerB (Windows 7 / 64bit / Net Framework 4.5.1)下载mp3文件而不会出现任何问题。
系统加密:在两台计算机上禁用使用FIPS兼容算法进行加密,散列和签名策略。
我是否缺少DownloadFile方法的任何配置参数以使用TLS 1.1 / 1.2?
.NET Framework使用自己的设置来确定默认使用的HTTPS版本。 有关要在客户端上设置的ServicePointManager.SecurityProtocol设置,请参阅https://stackoverflow.com/a/169396/126229以确保它尝试协商TLS1.1连接。
您还可以使用Fiddler(查看CONNECT Tunnel的TextView请求检查器)来查看出站流量,以查看ClientHello消息的细分。 请注意,启用HTTPS解密的运行Fiddler会产生干扰,因为Fiddler本身默认使用SSL3 + TLS1与服务器通信。
如果您使用的是.NET Framwork 3.5或更低版本,则只能设置TLS 1.0(放置注册表项),并且必须在服务器上启用TLS 1.0。