.NET 4.8 TLS 1.3 Issue on Windows 10

Running a .NET 4.8 application on Windows 10 (version 10.0.19041).

TLS 1.3 is enabled via the registry.

But running the code below:

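    // Needs: using System; using System.Drawing; using System.IO; using System.Net;
    try
    {
        // Restrict outgoing connections to TLS 1.3 only.
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;
        using (var client = new WebClient())
        {
            var img = client.DownloadData("URL of an image - Only TLS 1.3 at client side - removed for privacy purposes");
            // Decode the downloaded bytes and save them next to the executable.
            using (MemoryStream ms = new MemoryStream(img))
            using (Image i = Image.FromStream(ms))
            {
                i.Save(AppDomain.CurrentDomain.BaseDirectory + "/img1.jpeg");
            }
        }
    }
    catch (Exception ex)
    {
        logger.Log(LogLevel.Error, ex.ToString());
    }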

produces the following exception stack trace:

2020-10-05 12:40:52.4779 ERROR System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.
   at System.Net.Security._SslStream.StartFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)

I found an issue related to .NET 5.0, but I don't know whether it has been fixed or will be fixed in .NET 4.8: https://github.com/dotnet/runtime/issues/1720

From the documentation issue on "Transport Layer Security (TLS) best practices with the .NET Framework", dated 2020-08-21:

.NET Framework does not support TLS 1.3 yet. It is something we will start working on soon (cc @wfurt). The bottom line is that to use TLS 1.3, we have to use new Windows API, therefore we have to change our code in .NET Framework and the change is rather large due to other requirements of TLS 1.3 (things that don't matter in TLS 1.2 and lower).

Also note that Windows 10 with TLS 1.3 (non-experimental support) was released only recently, I think that only in Windows 10 Insider builds (@wfurt has more details).

In .NET Core we implemented TLS 1.3 support just recently in upcoming RC1 build of .NET 5. You can try it out there (on OS build that supports it too of course).

.NET 5 RC1 has been released and has a production-ready go-live license.
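
A diagnostic probe for the situation described above, added here as an example and not part of the original question or answer. It runs one handshake per protocol setting with `SslStream` and prints which version was negotiated or how the handshake failed, which helps separate a runtime limitation from a server or network fault. The host name is a placeholder (assumption), as is the class name `TlsProbe`.

```csharp
// Added example, not code from the original post. Build as a console app
// targeting the runtime under test (for example .NET Framework 4.8).
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class TlsProbe
{
    // Attempts a single TLS handshake restricted to `offered` and reports the result.
    // SslProtocols.None leaves the choice of protocol version to the operating system.
    static string Probe(string host, int port, SslProtocols offered)
    {
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false))
            {
                // Default certificate validation stays on; revocation checking is requested.
                ssl.AuthenticateAsClient(host, null, offered, true);
                return "negotiated " + ssl.SslProtocol;
            }
        }
        catch (Exception ex)
        {
            // A probe reports every failure instead of crashing: the exception type
            // shows whether the socket, the handshake or the API call itself failed.
            return "failed: " + ex.GetType().Name + ": " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        // Placeholder host (assumption); pass the real server name as the first argument.
        string host = args.Length > 0 ? args[0] : "tls13-only.example.test";
        var settings = new[] { SslProtocols.None, SslProtocols.Tls12, SslProtocols.Tls13 };
        foreach (var offered in settings)
        {
            Console.WriteLine("{0,-6} -> {1}", offered, Probe(host, 443, offered));
        }
    }
}
```

Running the same source on .NET Framework 4.8 and on .NET 5 on the same machine shows whether the failure follows the runtime or the OS configuration.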