我已禁用 TLS 1.0 和 TLS 1.1。在 Identity Server 中(使用 WebHostBuilder 在 Service Fabric 集群中运行的 v4,目标是使用自签名证书的 .NET 4.6.2)。我在 Startup.cs 中添加了以下内容:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
我收到以下错误:
System.InvalidOperationException: IDX10803: Unable to create to obtain
configuration from: 'https://services.mytest.com:8443/oauth/.well-
known/openid-configuration'. ---> System.IO.IOException: Unable to get
document from: https://services.mytest.com:8443/oauth/.well-
known/openid-configuration ---> System.Net.Http.HttpRequestException: An
error occurred while sending the request. ---> System.Net.WebException: The
underlying connection was closed: An unexpected error occurred on a receive.
---> System.ComponentModel.Win32Exception: The client and server cannot
communicate, because they do not possess a common algorithm
我看过这里的问题:
IDX10803: Unable to create to obtain configuration
Unable to obtain configuration from well-known/openid-configuration
我已经尝试了这些建议(包括将证书添加到受信任的根)
最佳答案
我不太了解那个特定的软件,但这里的问题不是证书不受信任(根据错误消息),而是您的服务器和客户端尝试在 TLS 握手期间协商哪个协议(protocol)版本,加密应使用密码和 key 交换机制。看起来客户端和服务器现在变得不兼容了。要么更改客户端,要么更改服务器。
另请参阅相关帖子并提供可能的解决方案:
The client and server cannot communicate, because they do not possess a common algorithm
关于asp.net - 身份服务器 4 和 TLS 1.2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51385821/