darksky api：TLS 要求已更改，库不再工作

Question

我一直在为 darksky API 使用这个 C# 库包装器：

 https://github.com/amweiss/dark-sky-core

在我的实施中，我每 3 分钟轮询一次以获取预测，我在家庭恒温器网络中使用该预测：

    async void GetForecast()
    {
        // https://darksky.net/dev/docs#forecast-request
        float Temp, DewPoint, WindSpeed, WindChill, Humidity, HeatIndex;
        var client = new DarkSkyService("user-api-key");
        try
        {
            Forecast fc = await client.GetWeatherDataAsync(38.329444, -87.412778);
            Temp = (float)Math.Floor(fc.Currently.Temperature);
            PublishTemp(Temp);

            // for database, get temp,  dewpoint, calculate windchill, calculate heatindex
            DewPoint = (float)fc.Currently.DewPoint;
            WindSpeed = (float)fc.Currently.WindSpeed;
            Humidity = (float)fc.Currently.Humidity;  // range: 0-1
            WindChill = (float)CalculateWindChill(Temp, WindSpeed);
            HeatIndex = (float)CalculateHeatIndex(Temp, Humidity);
            SaveToDatabase(Temp, DewPoint, WindChill, HeatIndex);

            RxForecast = true;
            if (DateTime.Now.Hour != LastForecastHour)
            {
                LatestForecast = fc;
                LastForecastHour = DateTime.Now.Hour;
                PublishForecasts();
            }
        }
        catch (Exception s) {
            RxForecast = false;
        }
     ForecastWaitTime = RxForecast ? FAST_FORECAST_CYCLE : SLOW_FORECAST_CYCLE;
    }

在一周前突然停止工作之前，它已经运行了大约 4 个月。 Darksky 支持人员表示，他们最近实施了安全更新，不再支持最常见的 TLS 密码（引用）：

- TLS 1.0
- TLS 1.1
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA

You can definitively determine whether your app works with the new SSL permissions by testing against
https://api.darksky.net:4433/. If you decide to update SSL on your end, you can test the API by sending a request here: https://api.darksky.net:4433/v1/status.txt.

Note that we will be making additional security-related updates in the coming weeks so there will be more changes in the near future. We don't have a notification system for alerting users to changes made on our backend but we do offer a feed for our status page, which often includes information about updates that have been or will be made (https://status.darksky.net/). We'll do our very best to make sure we communicate them as we're able to. Additionally, to avoid future disruptions we strongly recommend switching to one of the following, which should carry you through any of the additional security updates that will be applied in the near future:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

我不知道需要对此代码进行哪些更改才能“更新 TLS”，而且我似乎无法从 darksky 获得更多信息。与此同时，我的警报系统处于静止状态。

我不明白的一点是，如果我在浏览器中输入此 URL：

https://api.darksky.net/forecast/my-api-key/38.329444, -87.412778

它工作正常，并立即返回一个巨大的 JSON 预测字符串。在代码中尝试使用 HttpWebRequest、HttpClient 或 WebClient 会导致不同的“发生错误”异常。总的来说，我更愿意为返回的 Forecast 对象使用易于解释的库。

此 TLS 更新是我在开发环境之外的系统级别执行的操作吗？

或者，我可以切换到 darksky 的替代品吗？

Answer 1

你有两个选择：

1：更新您正在使用的库并重新编译。该问题在其github页面上报告：

https://github.com/jcheng31/DarkSkyApi/issues/28

2：这有点工作，但您可以将预测模块移动到已配置 TLS12 的 Linux/Raspberry Pi。您将不得不在 Python 中重写例程来执行此操作。我验证了这种方法适用于我自己的 PI 网络。