【Question title】: Https with TLS 1.2 in Xamarin
【Posted】: 2015-04-23 04:19:46
【Question】:

I am using HttpClient in Xamarin to make an https request over TLS 1.2, but I get the following error:

System.AggregateException: One or more errors occurred ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00013] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:574 
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x000d0] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:376 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00035] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:425 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0000c] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:99 
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x0005e] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:969 
  at System.Threading.Tasks.TaskFactory`1[System.Net.WebResponse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func`2 endMethod, IAsyncResult l) [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/TaskFactory_T.cs:473 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 
  at System.Net.Http.HttpClientHandler+<SendAsync>c__async0.MoveNext () [0x002d0] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClientHandler.cs:338 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.Http.HttpResponseMessage].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 
  at System.Net.Http.HttpClient+<SendAsyncWorker>c__async0.MoveNext () [0x000a9] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClient.cs:273 
  --- End of inner exception stack trace ---
  at System.Threading.Tasks.Task.Wait (Int32 millisecondsTimeout, CancellationToken cancellationToken) [0x00049] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task.cs:709 
  at System.Threading.Tasks.Task.Wait () [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task.cs:679 
  at System.Threading.Tasks.Task`1[System.Net.Http.HttpResponseMessage].get_Result () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/Task_T.cs:48 
  at Cucumber.ViewModels.LoginViewModel+<ExecuteLoginCommand>c__async0.MoveNext () [0x00144] in /Users/bachpx1/FSBProjects/FsoftInternalNews/cucumber/xamarin_form/Cucumber/Cucumber.Shared/ViewModels/LoginViewModel.cs:94 
 --> (Inner exception 0) System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
  at Mono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) [0x00013] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:574 
  at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x000d0] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs:376 
  --- End of inner exception stack trace ---
  at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (IAsyncResult result) [0x00035] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs:425 
  at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) [0x0000c] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslStreamBase.cs:99 
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult) [0x0005e] in ///Library/Frameworks/Xamarin.iOS.framework/Versions/8.9.1.3/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:969 
  at System.Threading.Tasks.TaskFactory`1[System.Net.WebResponse].InnerInvoke (System.Threading.Tasks.TaskCompletionSource`1 tcs, System.Func`2 endMethod, IAsyncResult l) [0x00000] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Threading.Tasks/TaskFactory_T.cs:473 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.WebResponse].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 
  at System.Net.Http.HttpClientHandler+<SendAsync>c__async0.MoveNext () [0x002d0] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClientHandler.cs:338 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000b] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.ExceptionServices/ExceptionDispatchInfo.cs:62 
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter[System.Net.Http.HttpResponseMessage].GetResult () [0x00034] in /Developer/MonoTouch/Source/mono/mcs/class/corlib/System.Runtime.CompilerServices/ConfiguredTaskAwaitable_T.cs:62 
  at System.Net.Http.HttpClient+<SendAsyncWorker>c__async0.MoveNext () [0x000a9] in /Developer/MonoTouch/Source/mono/mcs/class/System.Net.Http/System.Net.Http/HttpClient.cs:273 

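Does anyone know how to solve this problem? I have heard that Xamarin has a TLS bug in Mono 2.0. Thanks a lot.

【Comments】:

  • As far as I know, mono does not yet support tls 1.1 or 1.2, which is a problem because ssl and tls1.0 are not PCI compliant
  • Yes, it looks like it isn't done yet :( trello.com/c/PvUaV89u/16-tls-stack

Tags: ssl xamarin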


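【Solution 1】:

TLS is not yet fully implemented in Mono. This means that your HTTPS requests may fail when running a .NET application on Windows.

Xamarin deployments

Since you are using Xamarin, you can use ModernHttpClient, which is a wrapper around the native iOS / Android networking libraries.

Android, Mac and iOS users can get the latest TLS for HTTP workloads using ModernHttpClient. Mac/iOS users can use the built-in CFNetworkHandler as well.

Linux/Mac deployments

If you are deploying Mono on Linux/Mac (without Xamarin), you need to find a workaround for the missing TLS support.

Two possible workarounds come to mind:

Use a custom TLS implementation

Try juhovh/AaltoTLS, an implementation of the SSL/TLS network protocol written entirely in C# and the related .NET standard cryptography libraries. It will take care of the TLS decryption/encryption and will not use the lacking built-in Mono implementation.

Implement a TLS proxy

Build a TLS proxy that does the TLS heavy lifting for you: you configure it in Mono as the HTTP proxy for your HTTP requests, and it receives them and queries the target server over HTTPS, handling encryption and decryption for the Mono application.

Workflow:

Mono App -> HttpClient sends the HTTP request through the TLS proxy -> TLS proxy converts the HTTP request to HTTPS and sends it to the target server -> TLS proxy receives the response -> TLS proxy sends the response back to HttpClient as HTTP

Sample code for the TLS proxy workaround in Node.js using nodejitsu/node-http-proxy: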

// Modules
var http = require('http');
var httpProxy = require('http-proxy');

// Proxy server options
var options = {secure: true}; // Validate remote SSL certificates

// Create a proxy server with custom application logic
var proxy = httpProxy.createProxyServer(options);

// Handle errors gracefully
proxy.on('error', function(e) {
    // Log to console
    console.log(e);
});

// Create server and define custom logic
var server = http.createServer(function(req, res) {
    // URL provided?
    if (req.url) { 
        // Convert to HTTPS
        req.url = req.url.replace('http://', 'https://');
    }

    // Get remote host from headers (and force HTTPS)
    var target = 'https://' + req.headers.host;

    // Proxy the request (target is the server to pass the request on to)
    proxy.web(req, res, { target: target });
});

// Proxy port
var port = 8080;

// Start listening for requests from clients
server.listen(port);

// Log the port number
console.log('proxy.port: ' + port);

【Comments】:

  • A useful link on how to swap out the default Mono HttpClientHandler.
  • HttpClientHandler is useful, but only for those developing for iOS/Android with Mono.
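
The TLS proxy workaround from the first answer above, as an added example that is not part of the original answer or of node-http-proxy: it uses only Node's built-in http and https modules, listens on loopback only (the hop between the app and the proxy is plaintext), refuses upstream hosts that are not on an allowlist, and requires TLS 1.2 or later with certificate validation upstream. The names ALLOWED_HOSTS, upstreamOptions, createProxy and startProxy and the host api.example.com are assumptions made for this example.

```javascript
const http = require('http');
const https = require('https');

// Assumption: hypothetical allowlist of upstream hosts the app may reach.
const ALLOWED_HOSTS = new Set(['api.example.com']);

// Map a plain-HTTP proxy request to HTTPS request options, or null to refuse.
function upstreamOptions(method, rawUrl, headers) {
    let url;
    try {
        // Proxy clients send absolute URLs; otherwise resolve against Host.
        url = new URL(rawUrl, 'http://' + (headers.host || ''));
    } catch (e) {
        return null; // no usable target
    }
    if (!ALLOWED_HOSTS.has(url.hostname)) return null;
    return {
        method: method,
        hostname: url.hostname,
        port: 443,
        path: url.pathname + url.search,
        headers: Object.assign({}, headers, { host: url.hostname }),
        minVersion: 'TLSv1.2',    // refuse TLS 1.0/1.1 upstream
        rejectUnauthorized: true  // validate the server certificate
    };
}

function createProxy() {
    return http.createServer(function (req, res) {
        const opts = upstreamOptions(req.method, req.url, req.headers);
        if (!opts) {
            res.writeHead(403);
            return res.end('target not allowed');
        }
        const up = https.request(opts, function (upRes) {
            res.writeHead(upRes.statusCode, upRes.headers);
            upRes.pipe(res);
        });
        up.on('error', function () {
            if (!res.headersSent) res.writeHead(502);
            res.end();
        });
        req.pipe(up);
    });
}

// Loopback only: the hop between the app and the proxy is plaintext.
function startProxy(port) {
    return createProxy().listen(port, '127.0.0.1');
}
```

Call startProxy(8080) and set the Mono application's HTTP proxy to 127.0.0.1:8080; requests for hosts outside the allowlist get a 403 instead of being forwarded.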
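【Solution 2】:

Found this error in the release build, but not in the debug build.

For Xamarin + VS, TLS 1.2 can be set in the Android project properties (right-click your Android project > Properties at the bottom) > Android Options > scroll to the bottom, click Advanced > at the bottom, SSL/TLS implementation. There you will find Native TLS 1.2+.

【Comments】:

【Solution 3】:

I am not aware of a general cross-platform Xamarin solution.

Xamarin has an option to support TLS 1.2 for iOS9 with App Transport Security (https://developer.xamarin.com/guides/ios/platform_features/introduction_to_ios9/ats/):

Any connections made with NSUrlConnection, CFUrl or NSUrlSession will use ATS by default in apps built for iOS 9 and OS X 10.11 (El Capitan). ATS will enforce the following requirements for all internet connections: All connection ciphers must use forward secrecy. The Transport Layer Security (TLS) protocol must be version 1.2 or greater. At least a SHA256 fingerprint with either a 2048 bit or greater RSA key, or a 256 bit or greater Elliptic-Curve (ECC) key must be used for all certificates.

Since April 2014 the community has been working to fill this gap at https://xamarin.uservoice.com/forums/144858-xamarin-platform-suggestions/suggestions/5758129-implement-tls-1-2

【Comments】:

【Solution 4】:

Mono release 4.8.0 currently supports TLS 1.2

【Comments】: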
