.net-core - Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
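Problem description
Whether targeting the net5.0 or the net6.0 framework, it runs on Windows, but on Ubuntu it repeatedly throws the error below when trying to create the sslstream. What is the correct way to handle this error?
Error message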
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
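Sample code
using System.Net.Security;
using System.Net.Sockets;

// Extension method: it must be declared inside a static class.
// ValidateServerCertificate and SelectLocalCertificate are callbacks that are not shown on this page.
public static SslStream CreateSslStream(this TcpClient client, bool leaveInnerStreamOpen = false)
{
    var validationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    var selectionCallback = new LocalCertificateSelectionCallback(SelectLocalCertificate);
    return new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback);
}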
Solution
I referred to the ticket "Reopen #44191: SSL/TLS handshake failed in Ubuntu 20.04 and Net 5.0.1", and the problem is now solved.
/etc/ssl/openssl.cnf
# Add this in the head of the file
openssl_conf = openssl_init
#
# skip
#
# And the following in the end of the file
[openssl_init]
ssl_conf = ssl_config
[ssl_config]
system_default = tls_defaults
[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2
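
An added example, not part of the original answer: a Python check that the edited file really chains openssl_conf -> ssl_conf -> system_default to the tls_defaults section, since OpenSSL reads openssl_conf only from the unnamed section at the head of the file. The function names and the sample text are constructed for illustration, and the parser ignores .include, variable expansion and line continuations.

```python
import re

# Constructed sample: the layout from the answer, stock file content elided.
SAMPLE_CNF = """\
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_config

[ssl_config]
system_default = tls_defaults

[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2
"""

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any [header] go in 'default'."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)  # values may contain '=' (@SECLEVEL=2)
            sections[current][key.strip()] = value.strip()
    return sections

def effective_tls_defaults(text):
    """Follow the three links to the TLS defaults; ValueError names a broken link."""
    sections = parse_cnf(text)
    name = "default"
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        target = sections.get(name, {}).get(key)
        if target is None:
            raise ValueError(f"'{key}' not set in section [{name}]")
        if target not in sections:
            raise ValueError(f"'{key}' points to missing section [{target}]")
        name = target
    return sections[name]
```

To check a real system, pass the contents of /etc/ssl/openssl.cnf to effective_tls_defaults; a ValueError about openssl_conf means the first line was added below a section header and is being ignored.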