首页 > 解决方案 > 互操作加密 OpenSslCryptographicException:错误:14094410:SSL 例程:ssl3_read_bytes:sslv3 警报握手失败

问题描述

无论是目标net5.0还是net6.0框架,在尝试创建时,它在Windowssslstream操作系统上运行时反复抛出在Ubuntu操作系统上运行的错误,处理此错误的正确方法是什么?

错误信息

 System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
       ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
       ---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
         --- End of inner exception stack trace ---
         at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
         at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
         --- End of inner exception stack trace ---
         at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)

示例代码

public static SslStream CreateSslStream(this TcpClient client, bool leaveInnerStreamOpen = false)
{
    var validationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    var selectionCallback = new LocalCertificateSelectionCallback(SelectLocalCertificate);
    return new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback);
}

标签: .net-coretcpclientsslstream

解决方案


我参考了票证:Reopen #44191: SSL/TLS handshake failed in Ubuntu 20.04 and Net 5.0.1,现在问题已经解决了。

/etc/ssl/openssl.cnf

# Add this in the head of the file
openssl_conf = openssl_init

#
# skip
#

# And the following in the end of the file
[openssl_init]
ssl_conf = ssl_config

[ssl_config]
system_default = tls_defaults

[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2

推荐阅读