请求被中止:无法创建 SSL/TLS 安全通道
Posted
技术标签:
【中文标题】请求被中止:无法创建 SSL/TLS 安全通道【英文标题】:The request was aborted: Could not create SSL/TLS secure channel 【发布时间】:2012-06-05 01:20:04 【问题描述】:我的客户已告知我他们的 SSL 和 Internet Explorer 存在问题。他们说他们在访问 URL 时遇到了信任问题。
我正在通过 HTTPS 访问 JSON。该网站位于一台服务器上,我在本地计算机上使用控制台应用程序。我正在尝试绕过 SSL 证书,但是我的代码仍然失败。
我可以修改 HttpWebRequest 来解决这个问题吗?
我使用此代码收到此错误:
// You must change the URL to point to your Web server.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "GET";
req.AllowAutoRedirect = true;
// allows for validation of SSL conversations
ServicePointManager.ServerCertificateValidationCallback = delegate return true; ;
WebResponse respon = req.GetResponse();
Stream res = respon.GetResponseStream();
string ret = "";
byte[] buffer = new byte[1048];
int read = 0;
while ((read = res.Read(buffer, 0, buffer.Length)) > 0)
//Console.Write(Encoding.ASCII.GetString(buffer, 0, read));
ret += Encoding.ASCII.GetString(buffer, 0, read);
return ret;
【问题讨论】:
您使用的是自签名证书吗? 不,客户说 Comodo。 The request was aborted: Could not create SSL/TLS secure channel的可能重复 【参考方案1】:不幸的是,上面提到的答案都不适合我。 下面列出的代码对我来说是个奇迹。以防万一它对某人有帮助。
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
这必须在创建 HttpWebRequest 之前设置。
【讨论】:
主要是在创建HttpWebRequest之前进行设置。谢谢。【参考方案2】:这对我有用:
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
如果它不起作用,它可能会与其他类似的解决方案一起使用:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback = (snder, cert, chain, error) => true;
【讨论】:
【参考方案3】:这对我有用:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
【讨论】:
【参考方案4】:来自@sameerfair 评论
“我注意到,对于 .Net v4.0,将 ServicePointManager.SecurityProtocol 的值设置为 (SecurityProtocolType)3072,但在创建 HttpWebRequest 对象之前有所帮助。”
上述建议对我有用。以下是对我有用的代码行
var securedwebserviceurl="https://somedomain.com/service";
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;
// Skip validation of SSL/TLS certificate
ServicePointManager.ServerCertificateValidationCallback = delegate return true; ;
var httpWebRequest = (HttpWebRequest)WebRequest.Create(securedwebserviceurl);
httpWebRequest.ContentType = "application/json";
httpWebRequest.Method = "POST";
httpWebRequest.ProtocolVersion= HttpVersion.Version10;
var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
string responseFromServer = streamReader.ReadToEnd();
【讨论】:
【参考方案5】:类似于an existing answer,但在 PowerShell 中:
[System.Net.ServicePointManager]::SecurityProtocol = `
[System.Net.SecurityProtocolType]::Tls11 -bor
[System.Net.SecurityProtocolType]::Tls12 -bor `
[System.Net.SecurityProtocolType]::Tls -bor `
[System.Net.SecurityProtocolType]::Ssl3
然后调用 Invoke-WebRequest 应该可以工作。
从匿名反馈中得到这个,很好的建议: 更简单的写法是:
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")
发现 Jaykul 这篇精彩且相关的帖子:Validating Self-Signed Certificates From .Net and PowerShell
【讨论】:
答案的移动取决于您对它们的排序方式,默认情况下,它们有多少票。考虑参考作者的其他答案。 感谢您的这篇文章...我对如何设置协议类型感到困惑。【参考方案6】:如下定义 SecurityProtocol。这对我的问题进行了排序
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
【讨论】:
【参考方案7】:我注意到对于 .Net v4.0,将 ServicePointManager.SecurityProtocol 的值设置为 (SecurityProtocolType)3072 但在创建 HttpWebRequest 对象之前有所帮助。
【讨论】:
赞成提醒我在创建 HttpWebrequest 对象之前设置 SecurityProtocol,但是为什么...为什么要转换 int 而不是拼出枚举值? 或者只使用 System.Net 中的枚举值 SecurityProtocolType.Tls12 上述建议对我有用。解决方案应该被接受。您可以在评论部分下方找到我的代码行【参考方案8】:还收到“无法创建 SSL/TLS 安全通道”错误。这对我有用。 System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072;
【讨论】:
【参考方案9】:我使用此代码启用了日志记录:
http://blogs.msdn.com/b/dgorti/archive/2005/09/18/471003.aspx
日志位于 bin/debug 文件夹中(我的控制台应用程序处于调试模式)。您需要将安全协议类型添加为 SSL 3
我在日志中收到算法不匹配。这是我的新代码:
// You must change the URL to point to your Web server.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "GET";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
// Skip validation of SSL/TLS certificate
ServicePointManager.ServerCertificateValidationCallback = delegate return true; ;
WebResponse respon = req.GetResponse();
Stream res = respon.GetResponseStream();
string ret = "";
byte[] buffer = new byte[1048];
int read = 0;
while ((read = res.Read(buffer, 0, buffer.Length)) > 0)
Console.Write(Encoding.ASCII.GetString(buffer, 0, read));
ret += Encoding.ASCII.GetString(buffer, 0, read);
return ret;
【讨论】:
值得一提的是,在 SSLv3 上发现了一个错误 (security.stackexchange.com/a/70724),并且大多数实现将不再允许它。您应该改用SecurityProtocolType.Tls12。
请注意,使用此解决方案意味着 any 服务器证书将被视为有效(因为 ServerCertificateValidationCallback 始终返回 true)
使用Method = "HEAD" 进行故障排除?【参考方案10】:
我发现证书的类型也很重要。
我有一个证书是:
(以下输出在 mmc ,证书属性中)
数字签名、密钥加密 (a0)
(下面的输出来自我下面的 C# 代码)
X509Extension.X509KeyUsageExtension.KeyUsages='KeyEncipherment, DigitalSignature' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature='True' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment='True' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation='False'
以上没有没有工作。
=================================
然后是另一个证书:
(以下输出在 mmc ,证书属性中)
证书签名、离线 CRL 签名、CRL 签名 (06)
(下面的输出来自我下面的 C# 代码)
X509Extension.X509KeyUsageExtension.KeyUsages='CrlSign, KeyCertSign' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign='True' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign='True' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None='False' X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation='False'
它确实有效
下面的代码将允许您检查您的客户端证书
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace MyNamespace
public static class SecurityShower
public static void ShowHttpWebRequest(System.Net.HttpWebRequest hwr)
StringBuilder sb = new StringBuilder();
if (null != hwr)
sb.Append("-----------------------------------------------HttpWebRequest" + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address.AbsolutePath='0'", hwr.Address.AbsolutePath) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address.AbsoluteUri='0'", hwr.Address.AbsoluteUri) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.Address='0'", hwr.Address) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri.AbsolutePath='0'", hwr.RequestUri.AbsolutePath) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri.AbsoluteUri='0'", hwr.RequestUri.AbsoluteUri) + System.Environment.NewLine);
sb.Append(string.Format("HttpWebRequest.RequestUri='0'", hwr.RequestUri) + System.Environment.NewLine);
foreach (X509Certificate cert in hwr.ClientCertificates)
sb.Append("START*************************************************");
ShowX509Certificate(sb, cert);
sb.Append("END*************************************************");
string result = sb.ToString();
Console.WriteLine(result);
public static void ShowCertAndChain(X509Certificate2 cert)
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
////chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown &&
////X509VerificationFlags.IgnoreRootRevocationUnknown &&
////X509VerificationFlags.IgnoreEndRevocationUnknown &&
////X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown &&
////X509VerificationFlags.IgnoreCtlNotTimeValid;
chain.Build(cert);
ShowCertAndChain(cert, chain);
public static void ShowCertAndChain(X509Certificate cert, X509Chain chain)
StringBuilder sb = new StringBuilder();
if (null != cert)
ShowX509Certificate(sb, cert);
if (null != chain)
sb.Append("-X509Chain(Start)-" + System.Environment.NewLine);
////sb.Append(string.Format("Cert.ChainStatus='0'", string.Join(",", chain.ChainStatus.ToList())) + System.Environment.NewLine);
foreach (X509ChainStatus cstat in chain.ChainStatus)
sb.Append(string.Format("X509ChainStatus::'0'-'1'", cstat.Status.ToString(), cstat.StatusInformation) + System.Environment.NewLine);
X509ChainElementCollection ces = chain.ChainElements;
ShowX509ChainElementCollection(sb, ces);
sb.Append("-X509Chain(End)-" + System.Environment.NewLine);
string result = sb.ToString();
Console.WriteLine(result);
private static void ShowX509Extension(StringBuilder sb, int x509ExtensionCount, X509Extension ext)
sb.Append(string.Empty + System.Environment.NewLine);
sb.Append(string.Format("--------X509ExtensionNumber(Start):0", x509ExtensionCount) + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.Critical='0'", ext.Critical) + System.Environment.NewLine);
AsnEncodedData asndata = new AsnEncodedData(ext.Oid, ext.RawData);
sb.Append(string.Format("Extension type: 0", ext.Oid.FriendlyName) + System.Environment.NewLine);
sb.Append(string.Format("Oid value: 0", asndata.Oid.Value) + System.Environment.NewLine);
sb.Append(string.Format("Raw data length: 0 1", asndata.RawData.Length, Environment.NewLine) + System.Environment.NewLine);
sb.Append(asndata.Format(true) + System.Environment.NewLine);
X509BasicConstraintsExtension basicEx = ext as X509BasicConstraintsExtension;
if (null != basicEx)
sb.Append("-X509BasicConstraintsExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509BasicConstraintsExtension.CertificateAuthority='0'", basicEx.CertificateAuthority) + System.Environment.NewLine);
X509EnhancedKeyUsageExtension keyEx = ext as X509EnhancedKeyUsageExtension;
if (null != keyEx)
sb.Append("-X509EnhancedKeyUsageExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509EnhancedKeyUsageExtension.EnhancedKeyUsages='0'", keyEx.EnhancedKeyUsages) + System.Environment.NewLine);
foreach (Oid oi in keyEx.EnhancedKeyUsages)
sb.Append(string.Format("------------EnhancedKeyUsages.Oid.FriendlyName='0'", oi.FriendlyName) + System.Environment.NewLine);
sb.Append(string.Format("------------EnhancedKeyUsages.Oid.Value='0'", oi.Value) + System.Environment.NewLine);
X509KeyUsageExtension usageEx = ext as X509KeyUsageExtension;
if (null != usageEx)
sb.Append("-X509KeyUsageExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509KeyUsageExtension.KeyUsages='0'", usageEx.KeyUsages) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.CrlSign='0'", (usageEx.KeyUsages & X509KeyUsageFlags.CrlSign) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DataEncipherment='0'", (usageEx.KeyUsages & X509KeyUsageFlags.DataEncipherment) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DecipherOnly='0'", (usageEx.KeyUsages & X509KeyUsageFlags.DecipherOnly) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.DigitalSignature='0'", (usageEx.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.EncipherOnly='0'", (usageEx.KeyUsages & X509KeyUsageFlags.EncipherOnly) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyAgreement='0'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyAgreement) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyCertSign='0'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyCertSign) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.KeyEncipherment='0'", (usageEx.KeyUsages & X509KeyUsageFlags.KeyEncipherment) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.None='0'", (usageEx.KeyUsages & X509KeyUsageFlags.None) != 0) + System.Environment.NewLine);
sb.Append(string.Format("X509KeyUsageExtension.KeyUsages.X509KeyUsageFlags.NonRepudiation='0'", (usageEx.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0) + System.Environment.NewLine);
X509SubjectKeyIdentifierExtension skIdEx = ext as X509SubjectKeyIdentifierExtension;
if (null != skIdEx)
sb.Append("-X509SubjectKeyIdentifierExtension-" + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.Oid='0'", skIdEx.Oid) + System.Environment.NewLine);
sb.Append(string.Format("X509Extension.X509SubjectKeyIdentifierExtension.SubjectKeyIdentifier='0'", skIdEx.SubjectKeyIdentifier) + System.Environment.NewLine);
sb.Append(string.Format("--------X509ExtensionNumber(End):0", x509ExtensionCount) + System.Environment.NewLine);
private static void ShowX509Extensions(StringBuilder sb, string cert2SubjectName, X509ExtensionCollection extColl)
int x509ExtensionCount = 0;
sb.Append(string.Format("--------ShowX509Extensions(Start):for:0", cert2SubjectName) + System.Environment.NewLine);
foreach (X509Extension ext in extColl)
ShowX509Extension(sb, ++x509ExtensionCount, ext);
sb.Append(string.Format("--------ShowX509Extensions(End):for:0", cert2SubjectName) + System.Environment.NewLine);
private static void ShowX509Certificate2(StringBuilder sb, X509Certificate2 cert2)
if (null != cert2)
sb.Append(string.Format("X509Certificate2.SubjectName.Name='0'", cert2.SubjectName.Name) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Subject='0'", cert2.Subject) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Thumbprint='0'", cert2.Thumbprint) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.HasPrivateKey='0'", cert2.HasPrivateKey) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.Version='0'", cert2.Version) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.NotBefore='0'", cert2.NotBefore) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.NotAfter='0'", cert2.NotAfter) + System.Environment.NewLine);
sb.Append(string.Format("X509Certificate2.PublicKey.Key.KeySize='0'", cert2.PublicKey.Key.KeySize) + System.Environment.NewLine);
////List<X509KeyUsageExtension> keyUsageExtensions = cert2.Extensions.OfType<X509KeyUsageExtension>().ToList();
////List<X509Extension> extensions = cert2.Extensions.OfType<X509Extension>().ToList();
ShowX509Extensions(sb, cert2.Subject, cert2.Extensions);
private static void ShowX509ChainElementCollection(StringBuilder sb, X509ChainElementCollection ces)
int x509ChainElementCount = 0;
foreach (X509ChainElement ce in ces)
sb.Append(string.Empty + System.Environment.NewLine);
sb.Append(string.Format("----X509ChainElementNumber:0", ++x509ChainElementCount) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.SubjectName.Name='0'", ce.Certificate.SubjectName.Name) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.Issuer='0'", ce.Certificate.Issuer) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.Thumbprint='0'", ce.Certificate.Thumbprint) + System.Environment.NewLine);
sb.Append(string.Format("X509ChainElement.Cert.HasPrivateKey='0'", ce.Certificate.HasPrivateKey) + System.Environment.NewLine);
X509Certificate2 cert2 = ce.Certificate as X509Certificate2;
ShowX509Certificate2(sb, cert2);
ShowX509Extensions(sb, cert2.Subject, ce.Certificate.Extensions);
private static void ShowX509Certificate(StringBuilder sb, X509Certificate cert)
sb.Append("-----------------------------------------------" + System.Environment.NewLine);
sb.Append(string.Format("Cert.Subject='0'", cert.Subject) + System.Environment.NewLine);
sb.Append(string.Format("Cert.Issuer='0'", cert.Issuer) + System.Environment.NewLine);
sb.Append(string.Format("Cert.GetPublicKey().Length='0'", cert.GetPublicKey().Length) + System.Environment.NewLine);
X509Certificate2 cert2 = cert as X509Certificate2;
ShowX509Certificate2(sb, cert2);
【讨论】:
【参考方案11】:请查看以下链接一次。 SecurityProtocolType.SsL3 现在已经过时了。
http://codemust.com/poodle-vulnerability-fix-openssl/
【讨论】:
这个问题已经超过 2 年了,我相信他们现在知道 SSL3 是不安全的。【参考方案12】:我必须启用其他安全协议版本才能解决问题:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
【讨论】:
迷失 2 天来实现它,反编译 HttpWebRequest 类,但只有切换到 TLS 有帮助。 很高兴知道可以这样设置多个值(当然可以使用枚举来完成)。 @NicholasPetersen 仅供参考,这只能使用带有 Flags 属性的枚举来完成。见msdn.microsoft.com/en-us/library/… 我正在使用 ASP.NET MVC 4,而您的 sn-p 对我不起作用。但我遵循错误消息并通过删除 .Tls11 和 .Tls12 使其工作。谢谢。 对于使用 PaymentExpress 示例代码及其新 UAT 环境 (uat.paymentexpress.com/pxaccess/pxpay.aspx) 的任何人,都需要使用 TLS 1.2 和更新版本。您必须在 'var requestStream = webReq.GetRequestStream();' 之前提供上面提供的答案中的代码行【参考方案13】:这可能是由几件事引起的(最有可能或最不可能):
客户端不信任服务器的 SSL 证书。最简单的检查是将浏览器指向 URL 并查看是否有 SSL 锁定图标。如果你得到一个坏掉的锁,图标,点击它看看问题是什么:
-
过期日期 - 获取新的 SSL 证书
名称不匹配 - 确保您的 URL 使用与证书相同的服务器名称。
未由受信任的机构签署 - 从威瑞信等机构购买证书,或将证书添加到客户的受信任证书存储中。
在测试环境中,您可以更新您的证书验证器以跳过访问检查。不要在生产环境中这样做。
服务器需要客户端 SSL 证书 - 在这种情况下,您必须更新代码以使用客户端证书签署请求。
【讨论】:
除了最后一点之外都很好。客户端证书不用于签署请求,它在握手中提供,因此需要在打开连接之前将其提供给传输。在 javascript 中是如何完成的,留给读者作为练习;-) 如何使用客户端证书进行签名?我添加了 ServicePointManager.ServerCertificateValidationCallback = delegate return true; ,但它仍然给我错误。 您的评论“需要客户端 SSL 证书”帮助我查看了我发送的实际证书......因此我对这个问题的新答案。现在是“duh”时刻,但现在是几个小时前!谢谢以上是关于请求被中止:无法创建 SSL/TLS 安全通道的主要内容,如果未能解决你的问题,请参考以下文章
请求被中止:无法为 HttpWebRequest 创建 SSL/TLS 安全通道
Braintree 中的“请求被中止:无法创建 SSL/TLS 安全通道”错误
请求被中止:无法创建 SSL/TLS 安全通道 - 没有证书