由于
Heartbleed,我们的网关服务器已更新,并出现此问题.
>请注意,问题只存在于Win7盒子上; WinXP盒工作无问题(相同的代码,不同的OS =问题);授予WinXP不再是一个有效的操作系统,只是想注意功能.
客户端应用程序(.NET 2.0)位于Windows 7(或8)框上.服务器在Gateway Server后面的DMZ内运行.只是要注意,我发现这个问题不再存在于.NET 4.0上 – 但是由于遗留代码,我没有更新的奢侈.
网关服务器是一个通过框,Apache HTTP Server与SSL一起运行.其位置位于DMZ之外,用于访问DMZ内的服务器.在Gateway服务器上运行的软件版本为Apache / 2.2.25(Win32),mod_jk / 1.2.39,mod_ssl / 2.2.25,OpenSSL / 1.0.1g
以下是客户端应用程序使用的代码(添加了大量日志记录)…注意,’serverName’通常包含一个值,如“https://some.url.com”
private bool ConnectAndAuthenicate(string serverName,out TcpClient client,out SslStream sslStream)
{
client = null;
sslStream = null;
try
{
client = new TcpClient(serverName,443); // Create a TCP/IP client; ctor attempts connection
Log("ConnectAndAuthenicate: Client CONNECTED"));
sslStream = new SslStream(client.GetStream(),false,ValidateServerCertificate,null);
Log("ConnectAndAuthenicate: SSL Stream CREATED"));
}
catch (Exception x)
{
Log("ConnectAndAuthenicate: EXCEPTION >> CONNECTING to server: {0}",x.ToString()));
if (x is SocketException)
{
SocketException s = x as SocketException;
Log("ConnectAndAuthenicate: EXCEPTION >> CONNECTING to server: Socket.ErrorCode: {0}",s.ErrorCode));
}
if (client != null) { client.Close(); client = null; }
if (sslStream != null) { sslStream.Close(); sslStream = null; }
}
if (sslStream == null) return false;
try
{
sslStream.ReadTimeout = 10000; // wait 10 seconds for a response ...
Log("ConnectAndAuthenicate: AuthenticateAsClient CALLED ({0})",serverName));
sslStream.AuthenticateAsClient(serverName);
Log("ConnectAndAuthenicate: AuthenticateAsClient COMPLETED SUCCESSFULLY"));
return true;
}
catch (Exception x)
{
Log("ConnectAndAuthenicate: EXCEPTION >> AuthenticateAsClient: {0}",x.ToString()));
client.Close(); client = null;
sslStream.Close(); sslStream = null;
}
return false;
}
关于ServicePointManager的注 – answers posted对本应用程序的结果绝对没有影响.
每当在Win 7框上运行应用程序时调用AuthenicateAsClient(),则发生异常 – 如果应用程序在WinXP框上运行,代码可以正常工作而无异常.
任何解决方案的想法都非常受欢迎.
解决方法
在设置
ServicePointManager.SecurityProtocol静态ctor与
SecurityProtocolType之后,我发现提到另一个名为SslPolicy的枚举 – 进一步的研究发现,AuthenicateAsClient has an overload以SslPolicy为参数.
sslStream.AuthenticateAsClient(serverName,null,SslPolicy.Tls,false);
