将SSL应用程序从Java移植到C#
本文关键字:Java SSL 应用程序 | 更新日期: 2023-09-27 18:27:02
我正在将一个用于mumble的java客户端移植到C#,我遇到了一些困难。
在java中,SSL套接字是这样启动的:
final SSLContext ctx_ = SSLContext.getInstance("TLS");
ctx_.init(null, new TrustManager[] { new LocalSSLTrustManager() }, null);
final SSLSocketFactory factory = ctx_.getSocketFactory();
final SSLSocket sslSocket = (SSLSocket) factory.createSocket(hostAddress, port);
sslSocket.setUseClientMode(true);
sslSocket.setEnabledProtocols(new String[] { "TLSv1" });
sslSocket.startHandshake();
我已经将其移植到C#中,如下所示:
return ssl = new SslStream(netStream, false, (a, b, c, d) => true); //For now, accept any cert
ssl.AuthenticateAsClient(serverName);
现在,这确实建立了一个连接,但它使用的是AES128,而mumble协议需要AES256,所以服务器似乎会忽略我在这个套接字上发送的任何内容。
我的代码移植正确吗?有没有办法强制C#使用AES256进行这种连接?
不,您的代码很好,但是,通过defalt,windows似乎没有启用AES256支持,因为TLS 1.2没有启用。Java使用自己的SSL实现,这显然支持它。因此,当与服务器usng c#协商时,会选择AES128,因为它是默认支持的最强密码窗口。
根据此网站,运行以下powershell脚本应在TLS中启用AES256并解决您的问题。在运行它之前,我会确保它没有做任何有趣的事情。
# Enables TLS 1.2 on Windows Server 2008 R2 and Windows 7
# June 27, 2010
# Version 1.2
# These keys do not exist so they need to be created prior to setting values.
md "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2"
md "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Server"
md "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Client"
# Enable TLS 1.2 for client and server SCHANNEL communications
new-itemproperty -path "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Server" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Server" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
new-itemproperty -path "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Client" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'TLS 1.2'Client" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
# Disable SSL 2.0 (PCI Compliance)
md "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'SSL 2.0'Server"
new-itemproperty -path "HKLM:'SYSTEM'CurrentControlSet'Control'SecurityProviders'SCHANNEL'Protocols'SSL 2.0'Server" -name Enabled -value 0 -PropertyType "DWord"