问题描述
.NET 5 对 TLS 进行了重大更改。因此,当我连接到网站(通过 HttpClient
)并且它不支持 TLS 1.3(这是 .NET5 的默认设置)时,我收到以下错误:Interop+Crypto+OpenSslCryptographicException: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type.
我想知道我是否会 BITOR ServicePointManager.SecurityProtocol:ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls13 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
它会决定为网络服务器提供正确的密码套件吗?
解决方法
这里是github上的讨论:https://github.com/dotnet/runtime/issues/22507
基于此,这是我的解决方案。我不得不阅读大量 github 讨论以及浏览运行时存储库。
// Windows OS throws PlatformNotSupportedException for explicit list of TlsCipherSuite
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
services.AddHttpClient("WebsiteCheck"),configureClient =>
{
configureClient.Timeout = TimeSpan.FromMinutes(1);
});
}
else
{
services.AddHttpClient("WebsiteCheck"),configureClient =>
{
configureClient.Timeout = TimeSpan.FromMinutes(1);
}).ConfigurePrimaryHttpMessageHandler(() =>
{
var allowedCipherSuites = Enum.GetValues<TlsCipherSuite>();
return new SocketsHttpHandler()
{
SslOptions = new()
{
CipherSuitesPolicy = new CipherSuitesPolicy(allowedCipherSuites)
}
};
});
}