System.Net.WebRequest 支持哪些版本的 SSL/TLS?
现在已经发现 SSL 3 容易受到 POODLE 攻击:
Now that SSL 3 has been found to be vulnerable to the POODLE attack:
System.Net.WebRequest 在连接到任何 https Uri 时使用哪个版本的 SSL/TLS?
Which versions of SSL/TLS does System.Net.WebRequest use when connecting to any https Uri?
我使用 WebRequest 连接到多个 3rd 方 API.其中之一现在表示他们将阻止任何使用 SSL 3 的请求.但 WebRequest 是 .Net 核心框架的一部分(使用 4.5),因此它使用的版本并不明显.
I use WebRequest to connect to several 3rd party API's. One of these has now said they will block any request that uses SSL 3. But WebRequest is part of the .Net core framework (using 4.5) so it is not obvious what version it uses.
当使用 System.Net.WebRequest 时,您的应用程序将与服务器协商以确定您的应用程序和服务器都支持的最高 TLS 版本,并使用它.您可以在此处查看有关其工作原理的更多详细信息:
When using System.Net.WebRequest your application will negotiate with the server to determine the highest TLS version that both your application and the server support, and use this. You can see more details on how this works here:
http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_handshake
如果服务器不支持 TLS,它将回退到 SSL,因此它可能回退到 SSL3.您可以在此处查看 .NET 4.5 支持的所有版本:
If the server doesn't support TLS it will fallback to SSL, therefore it could potentially fallback to SSL3. You can see all of the versions that .NET 4.5 supports here:
http:///msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx
为了防止您的应用程序容易受到 POODLE 的攻击,您可以按照以下说明在运行您的应用程序的机器上禁用 SSL3:
In order to prevent your application being vulnerable to POODLE, you can disable SSL3 on the machine that your application is running on by following this explanation: