Closed 1KOD closed 2 weeks ago
This seems to be the same issue as in https://github.com/dotnet/runtime/issues/98797
The server supports only weak RSA key exchange, see e.g. SSL Labs https://www.ssllabs.com/ssltest/analyze.html?d=servis.turkiye.gov.tr
In the aspnet:8.0
Docker image, no explicit default for cipher suites is configured in /etc/ssl/openssl.cnf
, therefore, .NET applies a rather opinionated strict default which only allows ECDHE key exchange, so client and server have no common cipher suite to communicate with.
You can workaround this by either
copy config from aspnet:7.0
(where the default config explicitly specifies some chiphers) by adding this to the Dockerfile
COPY --from=mcr.microsoft.com/dotnet/aspnet:7.0 /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
Or modify the openssl.cnf, following addition should make it work
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=2
This seems to be the same issue as in #98797
The server supports only weak RSA key exchange, see e.g. SSL Labs https://www.ssllabs.com/ssltest/analyze.html?d=servis.turkiye.gov.tr
In the
aspnet:8.0
Docker image, no explicit default for cipher suites is configured in/etc/ssl/openssl.cnf
, therefore, .NET applies a rather opinionated strict default which only allows ECDHE key exchange, so client and server have no common cipher suite to communicate with.You can workaround this by either
copy config from
aspnet:7.0
(where the default config explicitly specifies some chiphers) by adding this to the DockerfileCOPY --from=mcr.microsoft.com/dotnet/aspnet:7.0 /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf
Or modify the openssl.cnf, following addition should make it work
[openssl_init] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] CipherString = DEFAULT@SECLEVEL=2
Thank you very much, it helped me.
I have left no method untried for this problem but to no avail.
A Simple Line of Code
Screen Recording
My program is going live and I need urgent help. Thanks to everyone in advance.