错误:请求已中止:无法创建 SSL/TLS 安全通道

Error: The request was aborted: Could not create SSL/TLS secure channel

提问人:hacksdump 提问时间:7/9/2023 最后编辑:hacksdump 更新时间:7/18/2023 访问量:639

问:

.NET 版本为 4.6.2,正在使用的 VaultSharp 包版本为 VaultSharp.1.4.0.1

法典:

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | 
                                       SecurityProtocolType.Tls12 |
                                       SecurityProtocolType.Tls11 |
                                       SecurityProtocolType.Tls | (SecurityProtocolType)3072 | 
                                       (SecurityProtocolType)768 | 
                                       (SecurityProtocolType)192;  ;

string certificatePath = "cert.pfx";
string secretServerAddress = "https://vaultHotName:443";
var certificate = new X509Certificate2(certificatePath, "Password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);


HttpClient httpClient = null;
IVaultClient vaultClient = null;
bool enableProxy = true;
if (enableProxy)
{
    HttpClientHandler handler = new HttpClientHandler
    {
        Proxy = new WebProxy("proxyHostName", "443"),
        UseProxy = true
    };
    httpClient = new HttpClient(handler);
}

IAuthMethodInfo authMethod = new CertAuthMethodInfo(clientCertificate: certificate, roleName: vaultRole);
var vaultClientSettings = new VaultClientSettings(secretServerAddress, authMethod);
if (httpClient == null){
    vaultClient = new VaultClient(vaultClientSettings);
}
else
{
    vaultClient = new VaultClient(vaultClientSettings, httpClient);
}
var vaultClientRequired = vaultClient;
secretFullPath = "RandomPath"
Task<Secret<Dictionary<string, object>>> fetchSecretTask = vaultClientRequired.V1.Secrets.KeyValue.V1
                    .ReadSecretAsync(path: secretFullPath);

错误:System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

堆栈跟踪:

-> (Inner Exception #0) System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.Http.HttpClient.<FinishSendAsyncBuffered>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.Core.Polymath.<MakeRequestAsync>d__16`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.Core.Polymath.<MakeVaultApiRequest>d__14`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.V1.AuthMethods.Cert.CertAuthMethodLoginProvider.<GetVaultTokenAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.Core.Polymath.<MakeVaultApiRequest>d__14`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.V1.SecretsEngines.KeyValue.V1.KeyValueSecretsEngineV1Provider.<ReadSecretAsync>d__3`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at VaultSharp.V1.SecretsEngines.KeyValue.V1.KeyValueSecretsEngineV1Provider.<ReadSecretAsync>d__2.MoveNext()<---

调试详细信息

  1. 我试图点击Vault从C#代码中读取机密,但它向我显示此错误。我已经尝试了互联网上能找到的任何东西,但我仍然处于同样的状态。

  2. 因此,它应该成功读取机密。

  3. 此代码在本地工作正常,但在 QA/Prod 上则不然。

  4. 此代码通过 curl 命令成功工作。使用 C# 代码,我看到错误。

C# httpwebrequest vaultsharp

评论

0赞 Rahul Sharma 7/9/2023
在 QA/Prod 上,确保 SSL 证书已安装并为您的应用程序正常工作。
2赞 Charlieface 7/9/2023
服务器运行的是哪个版本的 Windows?不要乱来,而是依靠操作系统来整理加密。ServicePointManager
0赞 hacksdump 7/11/2023
@Charlieface服务器是内部管理的,我无权访问它,如果有帮助,我可以分享客户端上运行的 Windows 版本?此外,此代码通过 curl 命令工作。使用 C# 代码,我看到错误。
0赞 hacksdump 7/11/2023
@RahulSharma 您能分享有关检查SSL证书是否正确安装的更多详细信息吗?另外,我必须在客户端检查一下,对吧?
0赞 Bernardo Marques 7/26/2023
客户端和服务器将协商加密协议和密码以及非自动的协议和密码,我认为您不应该干扰它。这显然是一个 SSL/TLS 错误,您应该尝试获取您尝试连接到的服务器支持的协议和密码列表。困扰我的一件事是 SSL3、TLS1.2 和 TLS 1.1 都已被弃用。

答: 暂无答案

上一个:System.Net.WebException:试图以套接字的访问权限禁止的方式访问套接字

下一个:无法建立 SSL 连接,请参阅内部异常。在 System.Net.HttpWebRequest.GetResponse()