Düşündiriş: Talap ýatyryldy: SSL / TLS ygtybarly kanal döredip bilmedi. SSL / TLS ygtybarly kanal döredip bilmedi. Platformalary gurmak: Windows Server 2012, Windows 7 Service Pack 1 (SP1) we Windows Server 2008 R2 SP1

[epizod] web sahypasyny göçürip almak Sahypany göçürip almak üçin bir gural. Bir gezek basmak bilen URL-ni giriziň. Simpleönekeý we ulanmak aňsat we köp sapakly meseleler bar.

Çözgüt 1: Kod derejesi

HttpWebRequest-den öň kod düzüň

ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

Çözgüt 2: Ulgam derejesi

Aboveokardaky usul işlemese, ulgam derejesindäki mesele. Häzirki wagtda ulanýan ulgamyňyza görä ulgam patchyny täzeläň.

Windows-da WinHTTP-de esasy howpsuzlyk protokollary hökmünde TLS 1.1 we TLS 1.2-i işletmek üçin täzelenme, bu täzelenme Windows Server 2012-de Transport Layer Security (TLS), Windows 7 Service Pack 1 (SP1) we Windows Server 2008 R2 SP1 1.1 we TLS 1.2 goldawy, resmi resminamalara serediň https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

KB3140245 patchy täzeläň

• http://www.catalog.update.microsoft.com/search.aspx?q=kb3140245

SChannel komponent derejesinde Windows 7-de TLS 1.1 we 1.2-i işlediň (aşakdaky täzelenme bilen)

1-nji usul: MicrosoftEasyFix51044.msi täzelemek üçin Microsoft täzelenme gurnama bukjasyny ulanyň

• Microsoft reýestri gurýar we täzeleýär:http://download.microsoft.com/download/0/6/5/0658B1A7-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi

2-nji usul: Hasaba alyş kitabyny el bilen täzeläň

Aşakdaky bellige alyş koduny göçüriň we reýestre import ediň. Täze txt dörediň, txt goşulmasyny reg (registr açary) üýtgediň we import ediň (import etmezden ozal ätiýaçlyk ediň)

WIN7 64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000a00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "SecureProtocols"=dword:00000a80

Windows Server

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000800 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000800 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001

Ulgamyň TLS1.2, TLS1.3 goldaýandygyny ýa-da ýokdugyny barlaň

PowerShell açylýar:

[Net.ServicePointManager]::SecurityProtocol [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3 -bor [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

Kodyň birinji setiri goldanýan TLS wersiýasyny barlaýar. Ikinji setir TLS goldawyny üýtgedýär.

Çözgüt 3: Ulgamy täzeläň

Öňki iki usulyň hiç biri-de işlemez, şonuň üçin diňe iň soňky usuly ulanyp bilersiňiz:

• Ulgamy Windows 10 we Windows Server 2019-a täzeläň (TLS1.2 goldaýar);
• Ulgamy Windows 11 we Windows Server 2022-e täzeläň (TLS1.3 goldaýar).

Bellik: Her Windows wersiýasy tarapyndan goldanýan aýratyn TSL wersiýalary üçin şu makaladaky goşmaça maglumatlara ýüz tutmagyňyzy haýyş edýäris.

Beýleki salgylanma mazmuny

Beýleki salgylanma mazmuny

• https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

Çözgütler bar, ýöne çarçuwanyň wersiýasyna bagly:

.NET 4.6 we ondan ýokary. TLS 1.2-ni goldamak üçin goşmaça iş etmegiň zerurlygy ýok, adaty ýagdaýda goldanýar.

.NET 4.5. TLS 1.2 goldaýar, ýöne bu protokol däl. Ulanmagy saýlamaly. Aşakdaky kod TLS 1.2-i deslapky görnüşde düzýär, ygtybarly çeşmä birikmezden ozal ýerine ýetiriň:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

.NET 4.0. TLS 1.2 goldanylmaýar, ýöne ulgamyňyzda .NET 4.5 (ýa-da has ýokary) gurnalan bolsa, programma çarçuwasy TLS 1.2-ni goldamaýan hem bolsa, TLS 1.2 ulanyp bilersiňiz. Onlyeke-täk mesele .NET 4.0-daky SecurityProtocolType-iň TLS1.2 üçin ýazgysy ýok, şonuň üçin bu san bahasynyň san görnüşini ulanmalydyrys:

ServicePointManager.SecurityProtocol = （SecurityProtocolType） 3072;

.NET 3.5 ýa-da ondan pes TLS 1.2 (*) goldanylmaýar we iş ýok. Arzaňyzy çarçuwanyň iň soňky wersiýasyna täzeläň.

PS 3-nji ssenariýa üçin, 4.5-i TLS 1.2-i programma taýdan mejbur etmezden ulanmaga mejbur etjek registr hakeri hem bar. PPS Microsoft-yň Hristian Pop aşakda belläp geçişi ýaly, TLS1.2 goldawyny üpjün edýän .NET 3.5 üçin iň täze patch bar.

Serediň:

• KB3154518 - HR-1605 - NDP 2.0 SP2 - Win7 SP1 / Win 2008 R2 SP1
• KB3154519 - Ygtybarly Rollup HR-1605 - NDP 2.0 SP2 - Win8 RTM / Win 2012 RTM
• KB3154520 - Ygtybarly Rollup HR-1605 - NDP 2.0 SP2 - Win8.1RTM / Win 2012 R2 RTM
• KB3156421 -1605 HotFix Rollup through Windows Update for Windows 10.

Beýleki salgylanma mazmuny 2

Web sahypasy tarapyndan berlen şahadatnama açarynyň uzynlygy 512 bit bolup biler we häzirki senagat standartlaryna laýyklykda 2048 bitden az bolmadyk açar bolmaly. Microsoft-yň 2016-njy ýylyň sentýabr aýyndaky howpsuzlyk täzelenmesi bu meselä açyk açaryň uzynlygy 2048 baýtdan (meselem RSA 512) az bolsa, jogap berdi.Windows HTTPS birikmelerini ýatyryp biler

Gurlan täzelenmeler

2012 R2 and Windows 8

• KB3185331
• KB3188743
• KB3174644

2008 R2 and Windows 7

• KB3185278
• KB3185330
• KB3192391
• KB3175024
• KB3172605

Beýleki salgylanma mazmuny üç

SecurityProtocolType.Tls1.0=0xC0; SecurityProtocolType.Tls1.1=0x300; SecurityProtocolType.Tls1.2=0xC00;

.net 4.0 / 4.5 deslapky bahasy: SecurityProtocolType.Tls |. SecurityProtocolType

https://support.microsoft.com/en-us/help/3069494/cannot-connect-to-a-server-by-using-the-servicepointmanager-or-sslstre

SCH_USE_STRONG_CRYPTO Bu baýdak .NET çarçuwasy 4.6-da awtomatiki ulanylar. https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework Win7Sp1 we .Net 3.5.1-de TLS1.2 goldaýar

ServicePointManager.SecurityProtocol & = ~ SecurityProtocolType.Ssl3 // ssl3 ServicePointManager.SecurityProtocol | = (SecurityProtocolType) 0x300 | (SecurityProtocolType) 0xc00;

TLS1.2-iň netijesi:

• .Net3.5.1 gurmak üçin bir patch gerek, soň bolsa TLS1.2 sanamagy goşmaly
• .Net 4.0 gurmak, reýestri üýtgetmegi we soňra TLS1.2 sanamagyny talap edýär
• .Net4.5 guranyňyzdan soň, TLS1.2 sanamagy hem goşmaly
• .Net4.6.1 gurlandan soň, TLS1.2 deslapky görnüşde goldanýar.

.Net4 astynda hasaba alyş üýtgetmesi

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

goşmaça materiallar

• Soňra goşmaça makalalar goşarys:TLS protokoly TLS / SSL-de Windows wersiýasy goldawy (Schannel SSP)

Bu makala tarapyndan ýazylanweb sahypasyny göçürip almakEctedygnalan we tertipli, mazmun internetden gelýär, gaýtadan çap edilende çeşmesini görkeziň, sag boluň.