您好,我是 ubuntu 的新用户(安装版本 22.04),我从一开始就遇到问题...目前我正在努力使用 Jetbrains Rider 运行集成测试(我运行应用程序没有任何问题并连接到此数据库)。
我的错误是:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
System.Security.Authentication.AuthenticationException
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.ProcessAuthentication(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at System.Data.SqlClient.SNI.SNITCPHandle.EnableSsl(UInt32 options)
System.TypeInitializationException
The type initializer for 'SslMethods' threw an exception. …在我的 Azure Linux Web 应用程序中,我尝试使用证书对外部提供商执行 API 调用。该调用失败了,但在 Windows 应用服务计划上部署相同的代码时它工作正常。等效的 cURL 命令行是:
curl --cert-type p12 --cert /var/ssl/private/THUMBPRINT.p12 -X POST https://www.example.com
调用失败并出现以下错误:
curl: (58) could not load PKCS12 client certificate, OpenSSL error error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
该问题是由 OpenSSL 1.1.1d 引起的,默认情况下要求安全级别为 2,而我的证书是使用 RSA 加密的 SHA1 进行签名的:
openssl pkcs12 -in THUMBPRINT.p12 -nodes | openssl x509 -noout -text | grep 'Signature Algorithm'
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
在普通的 Linux VM 上,我可以编辑/etc/ssl/openssl/cnf更改
CipherString = DEFAULT@SECLEVEL=2
安全级别为 1,但在 Azure Linux Web 应用程序上,我对该文件所做的更改不会保留。
所以我的问题是:如何更改 …