.NET Core 3 是否支持 TLS 1.3
Does .NET Core 3 support TLS 1.3
我正在使用 .NET Core 3.0 制作仅支持 TLS 1.3 的代理,我看到 Tls13 = 12288 是在 SslProtocols 中定义的。但是在我的测试中它只抛出异常"The client and server cannot communicate, because they do not possess a common algorithm"。
所以我的问题是 .NET Core 3.0 现在是否支持 TLS 1.3?
我使用的是visual studioprofessional 2019 version 16.3.0 preview 3.0,我的项目是netcore3.0
Tls13 is defined in SslProtocols
//
// Summary:
// Defines the possible versions of System.Security.Authentication.SslProtocols.
[Flags]
public enum SslProtocols {
//
// Summary:
// Allows the operating system to choose the best protocol to use, and to block
// protocols that are not secure. Unless your app has a specific reason not to,
// you should use this field.
None = 0,
//
// Summary:
// Specifies the SSL 2.0 protocol. SSL 2.0 has been superseded by the TLS protocol
// and is provided for backward compatibility only.
Ssl2 = 12,
//
// Summary:
// Specifies the SSL 3.0 protocol. SSL 3.0 has been superseded by the TLS protocol
// and is provided for backward compatibility only.
Ssl3 = 48,
//
// Summary:
// Specifies the TLS 1.0 security protocol. The TLS protocol is defined in IETF
// RFC 2246.
Tls = 192,
//
// Summary:
// Use None instead of Default. Default permits only the Secure Sockets Layer (SSL)
// 3.0 or Transport Layer Security (TLS) 1.0 protocols to be negotiated, and those
// options are now considered obsolete. Consequently, Default is not allowed in
// many organizations. Despite the name of this field, System.Net.Security.SslStream
// does not use it as a default except under special circumstances.
Default = 240,
//
// Summary:
// Specifies the TLS 1.1 security protocol. The TLS protocol is defined in IETF
// RFC 4346.
Tls11 = 768,
//
// Summary:
// Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF
// RFC 5246.
Tls12 = 3072,
//
// Summary:
// Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF
// RFC 8446.
Tls13 = 12288
}
Google是你的朋友:
https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0
TLS 1.3 & OpenSSL 1.1.1 on Linux .NET Core now takes advantage of TLS
1.3 support in OpenSSL 1.1.1, when it's available in a given environment. With TLS 1.3:
Connection times are improved with reduced round trips required
between the client and server. Improved security because of the
removal of various obsolete and insecure cryptographic algorithms.
When available, .NET Core 3.0 uses OpenSSL 1.1.1, OpenSSL 1.1.0, or
OpenSSL 1.0.2 on a Linux system. When OpenSSL 1.1.1 is available, both
System.Net.Security.SslStream and System.Net.Http.HttpClient types
will use TLS 1.3 (assuming both the client and server support TLS
1.3).
我正在使用 .NET Core 3.0 制作仅支持 TLS 1.3 的代理,我看到 Tls13 = 12288 是在 SslProtocols 中定义的。但是在我的测试中它只抛出异常"The client and server cannot communicate, because they do not possess a common algorithm"。 所以我的问题是 .NET Core 3.0 现在是否支持 TLS 1.3?
我使用的是visual studioprofessional 2019 version 16.3.0 preview 3.0,我的项目是netcore3.0
Tls13 is defined in SslProtocols
//
// Summary:
// Defines the possible versions of System.Security.Authentication.SslProtocols.
[Flags]
public enum SslProtocols {
//
// Summary:
// Allows the operating system to choose the best protocol to use, and to block
// protocols that are not secure. Unless your app has a specific reason not to,
// you should use this field.
None = 0,
//
// Summary:
// Specifies the SSL 2.0 protocol. SSL 2.0 has been superseded by the TLS protocol
// and is provided for backward compatibility only.
Ssl2 = 12,
//
// Summary:
// Specifies the SSL 3.0 protocol. SSL 3.0 has been superseded by the TLS protocol
// and is provided for backward compatibility only.
Ssl3 = 48,
//
// Summary:
// Specifies the TLS 1.0 security protocol. The TLS protocol is defined in IETF
// RFC 2246.
Tls = 192,
//
// Summary:
// Use None instead of Default. Default permits only the Secure Sockets Layer (SSL)
// 3.0 or Transport Layer Security (TLS) 1.0 protocols to be negotiated, and those
// options are now considered obsolete. Consequently, Default is not allowed in
// many organizations. Despite the name of this field, System.Net.Security.SslStream
// does not use it as a default except under special circumstances.
Default = 240,
//
// Summary:
// Specifies the TLS 1.1 security protocol. The TLS protocol is defined in IETF
// RFC 4346.
Tls11 = 768,
//
// Summary:
// Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF
// RFC 5246.
Tls12 = 3072,
//
// Summary:
// Specifies the TLS 1.3 security protocol. The TLS protocol is defined in IETF
// RFC 8446.
Tls13 = 12288
}
Google是你的朋友:
https://docs.microsoft.com/en-us/dotnet/core/whats-new/dotnet-core-3-0
TLS 1.3 & OpenSSL 1.1.1 on Linux .NET Core now takes advantage of TLS 1.3 support in OpenSSL 1.1.1, when it's available in a given environment. With TLS 1.3:
Connection times are improved with reduced round trips required between the client and server. Improved security because of the removal of various obsolete and insecure cryptographic algorithms. When available, .NET Core 3.0 uses OpenSSL 1.1.1, OpenSSL 1.1.0, or OpenSSL 1.0.2 on a Linux system. When OpenSSL 1.1.1 is available, both System.Net.Security.SslStream and System.Net.Http.HttpClient types will use TLS 1.3 (assuming both the client and server support TLS 1.3).