在C＃中的OpenSSL.exe s_client相当于我＃

Question

我有一个三星智能交流（热泵/迷你拆分），并希望做一些自动化。我的Android手机上有一个APP。 通过研究了很多，我发现，我能控制我的交流与OpenSSL.exe这样的：

openssl.exe s_client -connect 192.168.1.154:2878 

连接已经建立再经过我可以再复制/粘贴：

"<Request Type="AuthToken"><User Token="16968012-2892-M993-N707-3738REMOVED" /></Request>" 
"<Request Type="DeviceControl"><Control CommandID="cmd11111" DUID="7825ADREMOVED"><Attr ID="AC_FUN_POWER" Value="On" /></Control></Request>" 

然后AC打开。

问题是我无法自动执行任务，因为我必须等待连接已建立，然后复制/粘贴请求。 Openssl.exe似乎没有采用我可以使用的任何参数。

我已经在Powershell中用Invoke-WebRequest/RestMethod尝试过，但是我得到了SSL/TLS错误。我也尝试在C＃中，但结果相同。

public static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) 
    { 
     return true; 
    } 
    static void Main(string[] args) 
    { 

     ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); 
     Uri uri = new Uri("https://192.168.1.154:2878"); 
     WebRequest webRequest = WebRequest.Create(uri); 
     WebResponse webResponse = webRequest.GetResponse(); 
     webResponse.GetResponseStream(); 

     Console.Read(); 

    } 

给了我这个错误

The request was aborted: Could not create SSL/TLS secure channel. 

因此，大家可以看到我甚至不能只是GET /用C＃连接到AC没有得到SSL错误。

我无法弄清楚'Openssl.exe s_client'的工作原理。任何人都可以启发我吗？从OpenSSL的

UPDATE 输出：

 

    C:\Program Files (x86)\GnuWin32\bin>openssl.exe s_client -connect 192.168.1.154:2878 
    Loading 'screen' into random state - done 
    CONNECTED(0000017C) 
    depth=0 /C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    verify error:num=20:unable to get local issuer certificate 
    verify return:1 
    depth=0 /C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    verify error:num=21:unable to verify the first certificate 
    verify return:1 
    --- 
    Certificate chain 
    0 s:/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
     i:/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    --- 
    Server certificate 
    -----BEGIN CERTIFICATE----- 
    MIIDdDCCAt2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCS1Ix 
    DjAMBgNVBAcTBVN1d29uMRwwGgYDVQQKExNTYW1zdW5nIEVsZWN0cm9uaWNzMRsw 
    GQYDVQQLExJEaWdpdGFsIEFwcGxpY2FuY2UxEDAOBgNVBAMTB2EyODc4NDgxJTAj 
    BgkqhkiG9w0BCQEWFm1vd2Vvbi5sZWVAc2Ftc3VuZy5jb20wHhcNNzAwMTAxMDkw 
    MDE2WhcNNzAwMjAxMDkwMDE2WjCBkTELMAkGA1UEBhMCS1IxDjAMBgNVBAcTBVN1 
    d29uMRwwGgYDVQQKExNTYW1zdW5nIEVsZWN0cm9uaWNzMRswGQYDVQQLExJEaWdp 
    dGFsIEFwcGxpY2FuY2UxEDAOBgNVBAMTB2EyODc4NDgxJTAjBgkqhkiG9w0BCQEW 
    Fm1vd2Vvbi5sZWVAc2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ 
    AoGBANWEclyhZblo3TwG39hFVZK+LHTICEbgWwHQdAx1RwLFvIgsTFlgHu8Hb0fC 
    AN2Wknx5vb0ks355PycY/xlUY6Rmr3eSU34undtt7jE1K0OYeasUOvxpXyBtmSo6 
    72YtDSN6rh3F6SgOKrUVsQFDCJ2V5CQHxKyH5FFwAmcHUbjzAgMBAAGjgdkwgdYw 
    CQYDVR0TBAIwADAkBglghkgBhvhCAQ0EFxYVIlNhbXN1bmcgZWxlY3Ryb25pY3Mi 
    MB0GA1UdDgQWBBTdhKfUKlp5ocnU6K9BF4smWiDPbzBfBgNVHSMEWDBWoUmkRzBF 
    MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 
    ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAvwoLvHnlSoIwCwYDVR0PBAQDAgUgMBYG 
    A1UdEQQPMA2CC3NhbXN1bmcuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHfi+2JxtpvO 
    6MFZReZkXg+GMOt2UEPqFKpeJGCRdCoKnEmvBMUsp8PaopZ6uy/Z3V4FIhP/wcUv 
    fC1+feizmZkzO3ixThJH6zo3edEjZAA7KBj+ecfLYd/PTXkAfIJFM9RlCfAkbbbc 
    gGSDyBpGJ4wJHhB91bjK8qamUw5LJJrY 
    -----END CERTIFICATE----- 
    subject=/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    issuer=/C=KR/L=Suwon/O=Samsung Electronics/OU=Digital Applicance/CN=a287848/emailAddress=moweon.lee@samsung.com 
    --- 
    No client certificate CA names sent 
    --- 
    SSL handshake has read 1212 bytes and written 202 bytes 
    --- 
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA 
    Server public key is 1024 bit 
    Compression: NONE 
    Expansion: NONE 
    SSL-Session: 
     Protocol : TLSv1 
     Cipher : DHE-RSA-AES256-SHA 
     Session-ID: D4576CA26103343877505F0B1726833E7F3C76481EFDEF21B482C4D4FBA 
     Session-ID-ctx: 
     Master-Key: 7609462DC362B422115C370DA282106208842119047CF97F384F3E1B5079AF5CE72A5CF9FA35A41C2D67400672E70CAE 
     Key-Arg : None 
     Start Time: 1498081620 
     Timeout : 300 (sec) 
     Verify return code: 21 (unable to verify the first certificate) 
    --- 
    DRC-1.00 
    

    closed 

Answer 1

你所面临的问题是最有可能的SSL/TLS协议的版本。

您的回拨是正确的。

如果你的服务器只允许SSLv3和TLSv10，并且你的客户端需要TLSv12，那么你将会收到这样的错误。

使它们都使用相同的版本。

使用此：

ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; 

注：根据您的协议版本，则相应更改占位符。