View topic as text - Foxtable(狐表) (http://foxtable.com/bbs/index.asp) -- Expert Help (专家坐堂) (http://foxtable.com/bbs/list.asp?boardid=2) ---- WeCom GetJsSignature reports a TLS error (http://foxtable.com/bbs/dispbbs.asp?boardid=2&id=195051) |
-- Author: zhutangxin -- Posted: 2025/2/18 2:57:00 -- WeCom GetJsSignature reports a TLS error

Teacher:

How can the following problem be solved? (I have already tried applying for an SSL certificate and starting the https service; the error is the same.)

When running the WeCom GetJsSignature, if TLS 1.2/1.3 is not enabled, the following error is reported:

    获取jsapi_ticket,原因:
    { "errcode": 48010, "errmsg": "you are using TLS 1.0/1.1 which is deprecated, please use TLS 1.2 or higher, hint: [1739816396123491785466345], from ip: 119.45.196.00, more info at https://open.work.weixin.qq.com/devtool/query?e=48010" }

The WeCom GetJsSignature code is as follows:

    Static CreateTime As Date 'Records the time the Ticket was last generated
    Static Ticket As String 'Records the most recently generated Ticket
    Dim token As String = Functions.Execute("GetQyWxAccessToken") ' 2024-8-24
    If token.Length > 0 Then
        Dim tp As TimeSpan = Date.Now - CreateTime
        Dim ul As String = "https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token={0}"
        If tp.TotalSeconds > 3600 Then
            ' The token is correct
            Dim hc As New HttpClient(CExp(ul, token))
            ' The url can be assembled: CExp(ul, token)
            Dim ret As String = hc.GetData()
            CreateTime = Date.Now()
            Dim jo As JObject = JObject.Parse(ret)
            If jo("errcode") = "0" Then
                Ticket = jo("ticket")
            Else
                Output.Logs("token").Add("获取jsapi_ticket,原因:" & vbcrlf & jo.ToString)
                Output.Logs("token").Save(ProjectPath & "token.txt",True) 'The log is in the current project directory
                Output.Logs("token").Clear ' Point of failure
            End If
        End If
        Dim signature As String = CExp("jsapi_ticket={0}&noncestr={1}&timestamp={2}&url={3}", Ticket, args(0), args(1), args(2))
        Return Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(signature, "SHA1").ToLower()
    End If

On the server, following an AI's suggestion, I used a batch file (its code is at the end) to modify the registry and enable TLS 1.2 and 1.3, but the following error is thrown at login:

    事件/函数: 基础连接已经关闭: 发送时发生错误。
       在 System.Net.HttpWebRequest.GetResponse()
       在 Foxtable.HttpClient.GetData(Boolean SkipErr)
    由于意外的数据包格式,握手失败。
       在 System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       在 System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       在 System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       在 System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       在 System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       在 System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       在 System.Net.TlsStream.CallProcessAuthentication(Object state)
       在 System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       在 System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       在 System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       在 System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       在 System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       在 System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       在 System.Net.ConnectStream.WriteHeaders(Boolean async)

The batch file that modifies the registry is as follows:

    ::65001 selects UTF-8 encoding so that the Chinese prompts are not garbled
    chcp 65001
    @echo 正在添加TLS1.2和1.3键(项)......
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server"
    @echo 正在添加TLS1.2和1.3值(DWORD)......
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v DisabledByDefault /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" /v Enabled /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v DisabledByDefault /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server" /v Enabled /t REG_DWORD /d 1 /f
    @echo 正在添加TLS1.0和1.1键(项)......
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"
    @echo 正在禁用1.0和1.1低版本TLS协议......
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 0 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
    REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 0 /f
    @echo TLS配置已完成,请重启电脑,使TLS协议配置生效!!!
    pause

[This post was edited by the author on 2025/2/18 3:19:14]
|
-- Author: 有点蓝 -- Posted: 2025/2/18 8:38:00 --

Add one line before the first line of GetJsSignature:

    Net.ServicePointManager.SecurityProtocol = Net.SecurityProtocolType.Tls12

If that does not work, restore the registry first and then try again.
|
-- Author: zhutangxin -- Posted: 2025/2/19 10:51:00 --

I added the following code, and the problem is solved.

    System.Net.ServicePointManager.SecurityProtocol = DirectCast(3072 Or 192, System.Net.SecurityProtocolType)
    ' 192 corresponds to Tls (TLS 1.0); 3072 corresponds to Tls12 (TLS 1.2)
|
-- Author: 有点蓝 -- Posted: 2025/2/19 11:00:00 --

Just assign the value directly:

    System.Net.ServicePointManager.SecurityProtocol = 3072
|
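As an added example (not code from the thread or from Foxtable): a stand-alone VB.NET console program that reports the SCHANNEL client keys the batch file writes, decodes `SecurityProtocol` values such as the `3072 Or 192` used above, and applies TLS 1.2 without re-enabling TLS 1.0. It assumes .NET Framework 4.5 or later is installed; the module and function names are illustrative.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports Microsoft.Win32
' Added example, not code from the thread or from Foxtable; names are illustrative.
Module TlsClientCheck
    ' Numeric values of the System.Net.SecurityProtocolType flags.
    Const Ssl3 As Integer = 48, Tls10 As Integer = 192, Tls11 As Integer = 768
    Const Tls12 As Integer = 3072, Tls13 As Integer = 12288
    Const DeprecatedMask As Integer = Ssl3 Or Tls10 Or Tls11
    Const SchannelRoot As String = "SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"

    ' Lists the protocol versions that a SecurityProtocol value allows.
    Function Describe(value As Integer) As String
        If value = 0 Then Return "0 (system default)"
        Dim names As New List(Of String)
        If (value And Ssl3) <> 0 Then names.Add("SSL 3.0")
        If (value And Tls10) <> 0 Then names.Add("TLS 1.0")
        If (value And Tls11) <> 0 Then names.Add("TLS 1.1")
        If (value And Tls12) <> 0 Then names.Add("TLS 1.2")
        If (value And Tls13) <> 0 Then names.Add("TLS 1.3")
        Return value.ToString() & " (" & String.Join(", ", names.ToArray()) & ")"
    End Function

    ' Adds TLS 1.2 and clears the deprecated versions; other flags are kept.
    Function Harden(value As Integer) As Integer
        Return (value And Not DeprecatedMask) Or Tls12
    End Function

    ' Reads the Client values that the batch file in the thread writes.
    Function SchannelClientState(protocol As String) As String
        Using key As RegistryKey = Registry.LocalMachine.OpenSubKey(SchannelRoot & protocol & "\Client")
            If key Is Nothing Then Return protocol & ": no key (OS default applies)"
            Return protocol & ": Enabled=" & Convert.ToString(key.GetValue("Enabled", "unset")) &
                ", DisabledByDefault=" & Convert.ToString(key.GetValue("DisabledByDefault", "unset"))
        End Using
    End Function

    Sub Main()
        For Each p As String In New String() {"TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}
            Console.WriteLine(SchannelClientState(p))
        Next
        Dim before As Integer = CInt(ServicePointManager.SecurityProtocol)
        Console.WriteLine("Process default: " & Describe(before))
        Console.WriteLine("3072 Or 192    : " & Describe(3072 Or 192))
        ' Set once, before the first HTTPS request the process makes.
        ServicePointManager.SecurityProtocol = CType(Harden(before), SecurityProtocolType)
        Console.WriteLine("Now in effect  : " & Describe(CInt(ServicePointManager.SecurityProtocol)))
    End Sub
End Module
```

The registry output shows what SCHANNEL permits machine-wide, while the last line shows what this process will offer; the two can differ, which is why the per-process assignment changed the outcome in the thread.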