Interop Crypto OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
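Regardless of whether I target the net5.0 or net6.0 framework, it repeatedly throws the error when trying to create the sslstream while running on Ubuntu OS, while it works on Windows OS. What is the proper way to handle this error?
Error message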
System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
---> Interop+Crypto+OpenSslCryptographicException: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
--- End of inner exception stack trace ---
at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
Sample code
public static SslStream CreateSslStream(this TcpClient client, bool leaveInnerStreamOpen = false)
{
    var validationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
    var selectionCallback = new LocalCertificateSelectionCallback(SelectLocalCertificate);
    return new SslStream(client.GetStream(), leaveInnerStreamOpen, validationCallback, selectionCallback);
}
I referred to the issue "Reopen #44191: SSL/TLS handshake fails in Ubuntu 20.04 and Net 5.0.1" and customized openssl.cnf, and the problem is now resolved.
/etc/ssl/openssl.cnf
# Add this in the head of the file
openssl_conf = openssl_init
#
# skip
#
# And the following in the end of the file
[openssl_init]
ssl_conf = ssl_config
[ssl_config]
system_default = tls_defaults
[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1.2
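The snippet above only takes effect if `openssl_conf` sits in the unnamed head section and each reference resolves to the next section. The following check is an added example, not part of the original answer: the function names are hypothetical and `SAMPLE_CNF` is a constructed, abbreviated copy of the layout shown above. It follows the chain and flags a lowered `@SECLEVEL` or `MinProtocol`.

```python
import re

# Constructed sample mirroring the layout above (abbreviated cipher string, not a real system file).
SAMPLE_CNF = """\
openssl_conf = openssl_init
# ... distribution defaults skipped ...
[openssl_init]
ssl_conf = ssl_config
[ssl_config]
system_default = tls_defaults
[tls_defaults]
CipherString = @SECLEVEL=2:kEECDH:kRSA:!aNULL:!eNULL:!MD5
MinProtocol = TLSv1.2
"""

PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}; keys before any header go to 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit_tls_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return (settings, findings)."""
    cnf, findings = parse_cnf(text), []
    section = "default"
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        target = cnf.get(section, {}).get(key)
        if target is None or target not in cnf:
            return {}, [f"'{key}' in [{section}] does not point to an existing section"]
        section = target
    settings = cnf[section]
    level = re.search(r"@SECLEVEL=(\d+)", settings.get("CipherString", ""))
    if level and int(level.group(1)) < 2:
        findings.append(f"CipherString lowers the security level to {level.group(1)}")
    proto = settings.get("MinProtocol")
    if proto in PROTOCOL_ORDER and PROTOCOL_ORDER.index(proto) < PROTOCOL_ORDER.index("TLSv1.2"):
        findings.append(f"MinProtocol {proto} allows protocol versions below TLSv1.2")
    return settings, findings
```

To audit a real host, pass the contents of `/etc/ssl/openssl.cnf` to `audit_tls_defaults`; an empty findings list means the chain resolves and neither setting was weakened.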