1. дома
  2. Вопрос и ответ
  3. TLS терпит неудачу в поле сервера, но работает нормально локально

TLS терпит неудачу в поле сервера, но работает нормально локально

2015-07-01 4 views
0

У меня есть веб-сайт, называющий веб-API через https, все в C# .net, и он работал нормально, пока поставщики API не изменили сертификат на удаление SSL и я начал получать:TLS терпит неудачу в поле сервера, но работает нормально локально

Authentication failed because the remote party has closed the transport stream.

После исправления, в котором я добавил:

ServicePointManager.SecurityProtocol = 
     SecurityProtocolType.Tls | 
     SecurityProtocolType.Tls11 | 
     SecurityProtocolType.Tls12;

чтобы разрешить только Tls шифры, все работало отлично локально с тем же URL я зову на живой среде, но на реальном сервере я все еще получаю:

Authentication failed because the remote party has closed the transport stream.

Я убедился, что код был обновлен, пул приложений переработан и протоколы Tls были включены в ключи регистра.

У кого-нибудь есть предложения? Это API является общедоступным сторонним один

OpenSSL вызова для получения сертификата:

$ openssl s_client -showcerts -connect ws.purple-parking.com:443 
CONNECTED(00000003) 
depth=0 /1.3.6.1.4.1.311.60.2.1.3=GB/2.5.4.15=Private Organization/serialNumber= 
02341479/C=GB/ST=MIDDLESEX/L=Southall/O=Purple Parking Limited/CN=www.purpleparking.com 
verify error:num=20:unable to get local issuer certificate 
verify return:1 
depth=0 /1.3.6.1.4.1.311.60.2.1.3=GB/2.5.4.15=Private Organization/serialNumber= 
02341479/C=GB/ST=MIDDLESEX/L=Southall/O=Purple Parking Limited/CN=www.purpleparking.com 
verify error:num=27:certificate not trusted 
verify return:1 
depth=0 /1.3.6.1.4.1.311.60.2.1.3=GB/2.5.4.15=Private Organization/serialNumber=02341479/C=GB/ST=MIDDLESEX/L=Southall/O=Purple Parking Limited/CN=www.purpleparking.com 
verify error:num=21:unable to verify the first certificate 
verify return:1 
--- 
Certificate chain 
0 s:/1.3.6.1.4.1.311.60.2.1.3=GB/2.5.4.15=Private Organization/serialNumber=023 
41479/C=GB/ST=MIDDLESEX/L=Southall/O=Purple Parking Limited/CN=www.purpleparking.com 
    i:/C=US/O=thawte, Inc./CN=thawte EV SSL CA - G3 
-----BEGIN CERTIFICATE----- 
MIIGnTCCBYWgAwIBAgIQFINUUfQAQ/jRmnwUyl5IODANBgkqhkiG9w0BAQsFADBE 
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0 
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTUwNjIyMDAwMDAwWhcNMTcwNjIxMjM1 
OTU5WjCBvDETMBEGCysGAQQBgjc8AgEDEwJHQjEdMBsGA1UEDxMUUHJpdmF0ZSBP 
cmdhbml6YXRpb24xETAPBgNVBAUTCDAyMzQxNDc5MQswCQYDVQQGEwJHQjESMBAG 
A1UECBQJTUlERExFU0VYMREwDwYDVQQHFAhTb3V0aGFsbDEfMB0GA1UEChQWUHVy 
cGxlIFBhcmtpbmcgTGltaXRlZDEeMBwGA1UEAxQVd3d3LnB1cnBsZXBhcmtpbmcu 
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjdakM8sroVgkQJg 
246TqD+miID6S0D6xErmb1Z3hMUZ1twfF+2+O+rM6aV+RzG4uv9nCFgon7sz3Jtr 
LbbZwTi7T7Lp86ZAgaJH2N0PuBF6nbML/vm4DDb9m8Bp+WXTD6i//ECITJsYQT6y 
azGDuUG1itBO2DXd9byws6tPoQz2zSZsiOZSIt6W/caZsXNM3Lh6struFkU/GNK/ 
PRpAsvrstSiAkX2Oce9xS7r3+ndl2I2zYtyaIQn+yo6B9a62/3dilp9zhtFz8Qml 
jr2fyKhhCRNOGb7KkxS92O+e3IMElM7qT4vFY0/EXOS9gUds2Wtnozs3EYglA23S 
7rty5wIDAQABo4IDEDCCAwwwMwYDVR0RBCwwKoIVd3d3LnB1cnBsZXBhcmtpbmcu 
Y29tghFwdXJwbGVwYXJraW5nLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF 
oDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdGkuc3ltY2IuY29tL3RpLmNybDBz 
BgNVHSAEbDBqMGgGC2CGSAGG+EUBBzABMFkwJgYIKwYBBQUHAgEWGmh0dHBzOi8v 
d3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMMIWh0dHBzOi8vd3d3LnRo 
YXd0ZS5jb20vcmVwb3NpdG9yeTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH 
AwIwHwYDVR0jBBgwFoAU8HBR2tMqkU9Sd9eGd3QPznEabCIwVwYIKwYBBQUHAQEE 
SzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGkuc3ltY2QuY29tMCYGCCsGAQUFBzAC 
hhpodHRwOi8vdGkuc3ltY2IuY29tL3RpLmNydDCCAX0GCisGAQQB1nkCBAIEggFt 
BIIBaQFnAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFOGsgm 
AAAABAMARjBEAiB5rcYHE6iCn46pGmu7pypX45idUFWfG/dvWUUyRtCkwgIgBawV 
OvRoK/qBRbhtbJKSQX8m7cR66D2/wRPtqcLRqwMAdgBWFAaaL9fC7NP14b1Esj7H 
Rna5vJkRXMDvlJhV1onQ3QAAAU4ayCa0AAAEAwBHMEUCIQCK0MtuI8iQzJFHsBwq 
R1rNosewQ5xEoszD7i5FdMGYjQIgeUOqVh4chJ7lB6FK63Ab+vvRs2fW/Md41ygc 
qMIdzdMAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAU4ayCX0 
AAAEAwBHMEUCIQCR/Vos9OgLGna7nPHiuyXoKpxWA8/wwQuZ4xPGO4arQwIgInns 
APxbyNOfqlva1Vdj8tGjxUTTDEmA6UpAkx6dA20wDQYJKoZIhvcNAQELBQADggEB 
AKd+7KwuixZigGn7yO39QH3agLHclym9NyO5yfUQ2vMoxXG/iW48bvlRgru/FQJi 
++PASTPPoRkoBolenFi0KEcnitLObBPBHqQPCGZH3sUtetuhPD+SR2ZgCY1ZjnCX 
WfjIrUHsdVY/hfgDGnrplVBRcpE2bc7uA0twk9axshZvI6V5U8hZbXMig96geFUg 
8lgUqgM7VqwIUqA5OGRdOKNZeUdCtAACkoWIst32DSp+WewLJx0Dwdh/jnG7WRoZ 
pZEks0P7GlI7rD8JEnDyaP24Zw/oK8Q2t79HYz3VvQ3Uiz+YeNvE1yf/JDSlQ8uq 
MbPO1SuLlS0jBI7XEpreNAA= 
-----END CERTIFICATE----- 
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA 
    i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. 
- For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 
-----BEGIN CERTIFICATE----- 
MIIGHjCCBQagAwIBAgIQLEjdkw31WY75PJlUemDtQzANBgkqhkiG9w0BAQUFADCB 
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp 
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW 
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL 
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW 
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg 
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy 
aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi 
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ 
u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj 
XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs 
A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW 
Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD 
TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB 
AAGjggIIMIICBDAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T 
AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc 
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo 
dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAOBgNV 
HQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMG0GCCsGAQUFBwEMBGEwX6Fd 
oFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrU 
SBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMCkG 
A1UdEQQiMCCkHjAcMRowGAYDVQQDExFDbGFzczNDQTIwNDgtMS00ODAfBgNVHSME 
GDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzA9BggrBgEFBQcBAQQxMC8wLQYIKwYB 
BQUHMAGGIWh0dHA6Ly9FVlNlY3VyZS1vY3NwLnZlcmlzaWduLmNvbTA0BgNVHSUE 
LTArBglghkgBhvhCBAEGCmCGSAGG+EUBCAEGCCsGAQUFBwMBBggrBgEFBQcDAjAN 
BgkqhkiG9w0BAQUFAAOCAQEAJ3SmNOodneFT1hydDKdbTKln8vAytwEP+0IYON7k 
7knIE8kL7ATDQHEYcnZDAiNdq3vISBQayHsd/PYKnzah0glzcWaWdVE0v5kwUWed 
VLcmRaxzCCOGJplx9I7X6jmbBgkjv2LdqMS2faSJBz7zba5AWVB5lzc9Mnh9smNL 
+eoIaQ4T7ejPu6wFhsoiz4hiXTwiSdhj1SSmve9c48wgOyLq/ETGqOUf4YbNDE2P 
k1PZf+6hCKezMJZJcG6jbD3QY+8lZmPMqrcYF07qcHb2ukKmgDcJTp9miC5rM2bI 
wHGkQeta4/wULkuI/a5uW2XpJ+S/5LAjwbJ9W2Il1z4Q1A== 
-----END CERTIFICATE----- 
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. 
- For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 
    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 
-----BEGIN CERTIFICATE----- 
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf 
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT 
LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw 
HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx 
FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz 
dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv 
ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz 
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi 
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 
RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb 
ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR 
TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ 
Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH 
iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB 
AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 
dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9 
BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy 
aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI 
KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU 
j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t 
L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v 
b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC 
BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA 
A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K 
lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ 
tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/ 
-----END CERTIFICATE----- 
--- 
Server certificate 
subject=/1.3.6.1.4.1.311.60.2.1.3=GB/2.5.4.15=Private Organization/serialNumber= 
02341479/C=GB/ST=MIDDLESEX/L=Southall/O=Purple Parking Limited/CN=www.purpleparking.com 
issuer=/C=US/O=thawte, Inc./CN=thawte EV SSL CA - G3 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 5457 bytes and written 444 bytes 
--- 
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA 
Server public key is 2048 bit 
Compression: NONE 
Expansion: NONE 
SSL-Session: 
    Protocol : TLSv1 
    Cipher : DHE-RSA-AES256-SHA 
    Session-ID: F286D708BDD3413C688722CCC5C89DA65217668DF16739C6495A8EF4216B3C76 

    Session-ID-ctx: 
    Master-Key: 806065D476B184621B040B4E6E9E384BEDECF90551946E6B68AB6ABA530C5C208735676C249F06E56D081062017660E4 
    Key-Arg : None 
    Start Time: 1435830533 
    Timeout : 300 (sec) 
    Verify return code: 21 (unable to verify the first certificate) 
--- 
read:errno=0

источник

2015-07-01 Ed Freitas

ответ

0

Проблема сервер, Windows 2008 без пакета обновления R2 не поддерживает TLS выше версий 1.0

источник

2015-07-07 12:03:56

Смежные вопросы

 Смежные вопросы