错误“无法创建SSL/TLS安全通道”.尽管手动设置TLS

本文关键字:TLS 通道 设置 安全 错误 创建 无法创建 SSL | 更新日期: 2023-09-27 18:07:23

这是我在Windows 8上运行的c#代码:

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse(); // FAIL!!!

异常是"Could not create SSL/TLS secure channel."

如果我在浏览器中尝试URL,它可以工作。查看证书(这是一个HTTPS请求),我可以看到证书使用以下内容:

    Your connection to madis-data.noaa.gov is encrypted using an obsolete cipher suite.
    The connection uses TLS 1.0.
    The connection is encrypted using AES_128_CBC, 
with HMAC-SHA1 for message authentication and DHE_RSA 
as the key exchange mechanism.

我已经打开了web中的跟踪。配置查看到底发生了什么,下面是输出:

System.Net Information: 0 : [13952] ConnectStream#38701186::ConnectStream(Buffered 5 bytes.)
System.Net Information: 0 : [13952] Associating HttpWebRequest#59795752 with ConnectStream#38701186
System.Net Information: 0 : [13952] Associating HttpWebRequest#59795752 with HttpWebResponse#1266475
System.Net Verbose: 0 : [13952] Exiting HttpWebRequest#59795752::GetResponse()  -> HttpWebResponse#1266475
System.Net Verbose: 0 : [13952] HttpWebResponse#1266475::GetResponseStream()
System.Net Information: 0 : [13952] ContentLength=5
System.Net Verbose: 0 : [13952] Exiting HttpWebResponse#1266475::GetResponseStream()    -> ConnectStream#38701186
System.Net Verbose: 0 : [13952] ConnectStream#38701186::Read()
System.Net Verbose: 0 : [13952] Data from ConnectStream#38701186::Read
System.Net Verbose: 0 : [13952] 00000000 : 44 6F 6E 65 2E                                  : Done.
System.Net Verbose: 0 : [13952] Exiting ConnectStream#38701186::Read()  -> Int32#5
System.Net Verbose: 0 : [13952] ConnectStream#38701186::Read()
System.Net Verbose: 0 : [13952] Exiting ConnectStream#38701186::Read()  -> Int32#0
System.Net Verbose: 0 : [2548] WebRequest::Create(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV)
System.Net Verbose: 0 : [2548] HttpWebRequest#27754753::HttpWebRequest(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV#-2142986532)
System.Net Verbose: 0 : [2548] Exiting HttpWebRequest#27754753::HttpWebRequest() 
System.Net Verbose: 0 : [2548] Exiting WebRequest::Create()     -> HttpWebRequest#27754753
System.Net Verbose: 0 : [2548] HttpWebRequest#27754753::GetResponse()
System.Net Verbose: 0 : [2548] ServicePoint#40143513::ServicePoint(madis-data.noaa.gov:443)
System.Net Information: 0 : [2548] Associating HttpWebRequest#27754753 with ServicePoint#40143513
System.Net Information: 0 : [2548] Associating Connection#34830681 with HttpWebRequest#27754753
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Socket() 
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#729977::Socket() 
System.Net.Sockets Verbose: 0 : [2548] DNS::TryInternalResolve(madis-data.noaa.gov)
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Connect(140.172.12.193:443#-1056133833)
System.Net.Sockets Information: 0 : [2548] Socket#36216217 - Created connection from 10.211.55.4:49219 to 140.172.12.193:443.
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Connect() 
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Close()
System.Net.Sockets Verbose: 0 : [2548] Socket#729977::Dispose()
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#729977::Close() 
System.Net Information: 0 : [2548] Connection#34830681 - Created connection from 10.211.55.4:49219 to 140.172.12.193:443.
System.Net Information: 0 : [2548] TlsStream#59226404::.ctor(host=madis-data.noaa.gov, #certs=0)
System.Net Information: 0 : [2548] Associating HttpWebRequest#27754753 with ConnectStream#58631946
System.Net Information: 0 : [2548] HttpWebRequest#27754753 - Request: GET /madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV HTTP/1.1
System.Net Information: 0 : [2548] ConnectStream#58631946 - Sending headers
{
Host: madis-data.noaa.gov
Connection: Keep-Alive
}.
System.Net Information: 0 : [2548] SecureChannel#35318308::.ctor(hostname=madis-data.noaa.gov, #clientCertificates=0, encryptionPolicy=RequireEncryption)
System.Net Information: 0 : [2548] Enumerating security packages:
System.Net Information: 0 : [2548]     Negotiate
System.Net Information: 0 : [2548]     NegoExtender
System.Net Information: 0 : [2548]     Kerberos
System.Net Information: 0 : [2548]     NTLM
System.Net Information: 0 : [2548]     TSSSP
System.Net Information: 0 : [2548]     pku2u
System.Net Information: 0 : [2548]     LiveSSP
System.Net Information: 0 : [2548]     WDigest
System.Net Information: 0 : [2548]     Schannel
System.Net Information: 0 : [2548]     Microsoft Unified Security Protocol Provider
System.Net Information: 0 : [2548]     CREDSSP
System.Net Information: 0 : [2548] SecureChannel#35318308 - Left with 0 client certificates to choose from.
System.Net Information: 0 : [2548] AcquireCredentialsHandle(package = Microsoft Unified Security Protocol Provider, intent  = Outbound, scc     = System.Net.SecureCredential)
System.Net Information: 0 : [2548] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = madis-data.noaa.gov, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [2548] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=127, returned code=ContinueNeeded).
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Send()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Send
System.Net.Sockets Verbose: 0 : [2548] 00000000 : 16 03 01 00 7A 01 00 00-76 03 01 55 CB 07 87 0F : ....z...v..U....
System.Net.Sockets Verbose: 0 : [2548] 00000010 : 05 21 DE ED FF 2F E8 87-E5 CD 90 BF 81 CF B9 87 : .!.../..........
System.Net.Sockets Verbose: 0 : [2548] 00000020 : CA 7F 1A 5A D1 00 0B 67-FF A2 62 00 00 18 C0 14 : ...Z...g..b.....
System.Net.Sockets Verbose: 0 : [2548] 00000030 : C0 13 00 35 00 2F C0 0A-C0 09 00 38 00 32 00 0A : ...5./.....8.2..
System.Net.Sockets Verbose: 0 : [2548] 00000040 : 00 13 00 05 00 04 01 00-00 35 00 00 00 18 00 16 : .........5......
System.Net.Sockets Verbose: 0 : [2548] 00000050 : 00 00 13 6D 61 64 69 73-2D 64 61 74 61 2E 6E 6F : ...madis-data.no
System.Net.Sockets Verbose: 0 : [2548] 00000060 : 61 61 2E 67 6F 76 00 0A-00 06 00 04 00 17 00 18 : aa.gov..........
System.Net.Sockets Verbose: 0 : [2548] 00000070 : 00 0B 00 02 01 00 00 23-00 00 FF 01 00 01 00    : .......#.......
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Send()  -> Int32#127
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Receive()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Receive
System.Net.Sockets Verbose: 0 : [2548] 00000000 : 15 03 01 00 02                                  : .....
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Receive()   -> Int32#5
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Receive()
System.Net.Sockets Verbose: 0 : [2548] Data from Socket#36216217::Receive
System.Net.Sockets Verbose: 0 : [2548] 00000005 : 02 28                                           : .(
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#36216217::Receive()   -> Int32#2
System.Net Information: 0 : [2548] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 8c0ec23d10:c8f6c09a90, targetName = madis-data.noaa.gov, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
System.Net Information: 0 : [2548] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage).
System.Net.Sockets Verbose: 0 : [2548] Socket#36216217::Dispose()
System.Net Error: 0 : [2548] Exception in HttpWebRequest#27754753:: - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Error: 0 : [2548] Exception in HttpWebRequest#27754753::GetResponse - The request was aborted: Could not create SSL/TLS secure channel..
System.Net Verbose: 0 : [2548] WebRequest::Create(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV)
System.Net Verbose: 0 : [2548] HttpWebRequest#31219764::HttpWebRequest(https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPublicDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lonll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&csvmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nvars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&nvars=PRESWEA&nvars=SKYCOV#-2142986532)
System.Net Verbose: 0 : [2548] Exiting HttpWebRequest#31219764::HttpWebRequest() 
System.Net Verbose: 0 : [2548] Exiting WebRequest::Create()     -> HttpWebRequest#31219764
System.Net Verbose: 0 : [2548] HttpWebRequest#31219764::GetResponse()
System.Net Information: 0 : [2548] Associating HttpWebRequest#31219764 with ServicePoint#40143513
System.Net Information: 0 : [2548] Associating Connection#18847233 with HttpWebRequest#31219764
System.Net.Sockets Verbose: 0 : [2548] Socket#28460958::Socket(AddressFamily#2)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#28460958::Socket() 
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Socket(AddressFamily#23)
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#25961122::Socket() 
System.Net.Sockets Verbose: 0 : [2548] Socket#28460958::Connect(140.172.12.193:443#-1056133833)
System.Net.Sockets Information: 0 : [2548] Socket#28460958 - Created connection from 10.211.55.4:49220 to 140.172.12.193:443.
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#28460958::Connect() 
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Close()
System.Net.Sockets Verbose: 0 : [2548] Socket#25961122::Dispose()
System.Net.Sockets Verbose: 0 : [2548] Exiting Socket#25961122::Close() 

不需要安装证书,但我在跟踪输出中看到"剩下0个客户端证书可供选择"。我不知道如何解决这个问题。

我已经在StackOverflow和网络上搜索了几个小时,但没有成功。有人有什么建议吗?


更新:作为一种解决方案,我尝试从命令行使用powershell来获取数据,令人惊讶的是收到了同样的错误!这表明问题出在Windows而不是我的。net实现上。

下面是我的命令行输出:
C:'>powershell -Command "(New-Object Net.WebCl
ient).DownloadFile('https://madis-data.noaa.gov/madisPublic1/cgi-bin/madisXmlPub
licDir?rdr=&time=0&minbck=-90&minfwd=0&recwin=3&dfltrsel=0&state=AK&latll=0.0&lo
nll=0.0&latur=90.0&lonur=0.0&stanam=&stasel=0&pvdrsel=0&varsel=1&qcsel=0&xml=2&c
svmiss=1&nvars=WMOID&nvars=TD&nvars=RH&nvars=ALTSE&nvars=P&nvars=PT3&nvars=DD&nv
ars=T&nvars=TV&nvars=FF&nvars=FFGUST&nvars=ELEV&nvars=LAT&nvars=LON&nvars=PCP1H&
nvars=PRESWEA&nvars=SKYCOV', 'madis.csv')"
Exception calling "DownloadFile" with "2" argument(s): "The request was
aborted: Could not create SSL/TLS secure channel."
At line:1 char:1
+ (New-Object
Net.WebClient).DownloadFile('https://madis-data.noaa.gov/madisPublic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

错误“无法创建SSL/TLS安全通道”.尽管手动设置TLS

这在PowerShell中对我很有效:

$url = "https://madis-data.noaa.gov/madisPublic1..."
$filename = "madis.csv"
[Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls
$webClient = new-object System.Net.WebClient
$webClient.DownloadFile( $url, $filename )

,这在c#

中有效
var url = @"https://madis-data.noaa.gov/madisPublic1...";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
WebClient wc = new WebClient();
wc.DownloadFile(url, "madis.csv");

问题是主机上有问题的SSL证书,现已解决。