BizTalk 2016 Feature Pack 3 在调用 TLS 1.2 兼容时抛出异常 API
BizTalk 2016 Feature Pack 3 throwing exception while calling TLS 1.2 compliant API
为了支持 BizTalk 2016 的 TLS 1.2,我们升级到 BizTalk 2016 Feature Pack 3。升级成功,我们的工作流程正常运行,直到我们的网络关闭了对 TLS 1.0 和 TLS 1.1 的支持。之后,我们在从 BizTalk 调用 API 时开始收到以下错误:我们知道 API 支持 TLS 1.2。
内部异常堆栈跟踪:
The adapter failed to transmit message going to send port
"SndPort_PostMsgfile" with URL
"https://demo-xxxxxx-api.abc.com/api/Message/MessageFile". It will be
retransmitted after the retry interval specified for this Send Port.
Details:"System.ServiceModel.Security.SecurityNegotiationException:
Could not establish secure channel for SSL/TLS with authority
'demo-common-api.medimpactdirect.com'. ---> System.Net.WebException:
The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult
result)
服务器堆栈跟踪:
at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
at
System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult
result) at
System.ServiceModel.Channels.ServiceChannel.EndCall(String action,
Object[] outs, IAsyncResult result) at
System.ServiceModel.Channels.ServiceChannel.EndRequest(IAsyncResult
result)
Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at
System.ServiceModel.Channels.IRequestChannel.EndRequest(IAsyncResult
result) at
Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.RequestCallback(IAsyncResult
result)".
我们要确保从 BizTalk 发出的请求始终在 TLS 1.2 上。我们是否需要通过使用以下代码片段构建行为扩展来更新 WebHTTP 发送端口(如 API 中所做的那样)-
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
是否需要更改注册表?我尝试根据以下建议更新注册表:
https://support.microsoft.com/en-us/help/3155464/ms16-065-description-of-the-tls-ssl-protocol-information-disclosure-vu
为了支持 BizTalk 2016 的 TLS 1.2,我们升级到 BizTalk 2016 Feature Pack 3。升级成功,我们的工作流程正常运行,直到我们的网络关闭了对 TLS 1.0 和 TLS 1.1 的支持。之后,我们在从 BizTalk 调用 API 时开始收到以下错误:我们知道 API 支持 TLS 1.2。
内部异常堆栈跟踪:
The adapter failed to transmit message going to send port "SndPort_PostMsgfile" with URL "https://demo-xxxxxx-api.abc.com/api/Message/MessageFile". It will be retransmitted after the retry interval specified for this Send Port. Details:"System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'demo-common-api.medimpactdirect.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
服务器堆栈跟踪:
at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndRequest(IAsyncResult result)
Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at System.ServiceModel.Channels.IRequestChannel.EndRequest(IAsyncResult result) at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.RequestCallback(IAsyncResult result)".
我们要确保从 BizTalk 发出的请求始终在 TLS 1.2 上。我们是否需要通过使用以下代码片段构建行为扩展来更新 WebHTTP 发送端口(如 API 中所做的那样)- ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
是否需要更改注册表?我尝试根据以下建议更新注册表: https://support.microsoft.com/en-us/help/3155464/ms16-065-description-of-the-tls-ssl-protocol-information-disclosure-vu