We use HttpWebRequest for REST communication over HTTPS, with keep-alive enabled. It works, but on the server side (Apache) we get frequent errors such as: "Re-negotiation handshake failed: Not accepted by client!?"
(no further information with verbose logging)
On the client side, the System.Net traces contain the message: Decrypt returned SEC_I_RENEGOTIATE. (A fuller log is below.) In addition, the TCP connection is not reused (keep-alive does not work, although it works fine when I test without SSL). This slows down communication with the REST API considerably.
The HttpWebRequest is configured with keep-alive, a client certificate and a server certificate callback. I tested ServicePointManager.SecurityProtocol with both SSL3 and TLS.
The client runs on .NET Framework 3.5 SP1 on Win XP SP3.
Any help diagnosing and fixing this would be greatly appreciated! Thanks
Full log:
2011-08-01 21:40:22.702 - System.Net Verbose: 0 : [2320] WebRequest::Create(https://mo.dev.xyz.eu:9969/aaa-web/service/10001/1/utilisateur)
2011-08-01 21:40:22.749 - System.Net Verbose: 0 : [2320] HttpWebRequest#53502362::HttpWebRequest(https://mo.dev.xyz.eu:9969/aaa-web/service/10001/1/utilisateur#2027466596)
2011-08-01 21:40:22.796 - System.Net Verbose: 0 : [2320] Exiting HttpWebRequest#53502362::HttpWebRequest()
2011-08-01 21:40:22.843 - System.Net Verbose: 0 : [2320] Exiting WebRequest::Create() -> HttpWebRequest#53502362
2011-08-01 21:40:22.890 - System.Net Verbose: 0 : [2320] HttpWebRequest#53502362::BeginGetResponse()
2011-08-01 21:40:22.936 - System.Net Information: 0 : [2320] Associating HttpWebRequest#53502362 with ServicePoint#62474978
2011-08-01 21:40:22.983 - System.Net Information: 0 : [2320] Associating Connection#13358335 with HttpWebRequest#53502362
2011-08-01 21:40:23.030 - System.Net Verbose: 0 : [2320] Exiting HttpWebRequest#53502362::BeginGetResponse() -> ContextAwareResult#35634409
2011-08-01 21:40:23.108 - System.Net Information: 0 : [1440] TlsStream#41394993::.ctor(host=mo.dev.xyz.eu, #certs=1)
2011-08-01 21:40:23.155 - System.Net Information: 0 : [1440] Associating HttpWebRequest#53502362 with ConnectStream#28913487
2011-08-01 21:40:23.202 - System.Net Information: 0 : [1440] HttpWebRequest#53502362 - Request: GET /aaa-web/service/10001/1/utilisateur HTTP/1.1
2011-08-01 21:40:23.249 - System.Net Information: 0 : [1440] SecureChannel#41727345::.ctor(hostname=mo.dev.xyz.eu, #clientCertificates=1)
2011-08-01 21:40:23.327 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Attempting to restart the session using the user-provided certificate: [Version]
V3
[Subject]
CN=G6-99999615-01, OU=EIB-TPV, O=xyz
Simple Name: G6-99999615-01
DNS Name: G6-99999615-01
[Issuer]
CN=AC-INT-TPV, OU=EIB, O=xyz
Simple Name: AC-INT-TPV
DNS Name: AC-INT-TPV
[Serial Number]
008757A7
[Not Before]
28/12/2010 23:00:32
[Not After]
28/12/2020 23:00:32
[Thumbprint]
3B412465B069579441132DEF6E390BB62637B7AB
[Signature Algorithm]
sha1RSA(1.2.840.113549.1.1.5)
[Public Key]
Algorithm: RSA
Length: 2048
Key Blob: 30 82 01 0a 02 82 01 01 00 b9 28 16 ea 58 d5 74 5f 2f 71 f1 b0 5d be a8 fb 87 90 6a e9 90 ef 46 8a d0 ae 0f e9 77 17 d5 5b 23 44 82 25 97 a1 2e b0 88 65 5f 6e 2e 42 4d 4e c9 d8 b7 df 43 63 ca 37 ab 80 a6 65 18 b0 6b 62 19 a1 a8 31 23 8c 5d a7 3b 32 65 eb 64 32 4e ff fb 8e 2f 77 d3 97 b2 b3 a7 4c d8 65 fa 18 73 86 3c 79 4e 19 55 e1 b3 28 1c 0c 52 34 ce d9 58 2b f4 c1 ae 0f 38 b2 29 37 ae e6 36 1f b5 89 90 af d8 68 89 c1 87 e5 34 80 13 3a 79 d5 d6 d5 f8 7d 6e ef a6 d2 c7 e0 be c9 2a 88 c3 f2 34 e3 ....
2011-08-01 21:40:23.374 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Left with 1 client certificates to choose from.
2011-08-01 21:40:23.421 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Trying to find a matching certificate in the certificate store.
2011-08-01 21:40:23.499 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Locating the private key for the certificate: [Version]
V3
[Subject]
CN=G6-99999615-01, OU=EIB-TPV, O=xyz
Simple Name: G6-99999615-01
DNS Name: G6-99999615-01
[Issuer]
CN=AC-INT-TPV, OU=EIB, O=xyz
Simple Name: AC-INT-TPV
DNS Name: AC-INT-TPV
[Serial Number]
008757A7
[Not Before]
28/12/2010 23:00:32
[Not After]
28/12/2020 23:00:32
[Thumbprint]
3B412465B069579441132DEF6E390BB62637B7AB
[Signature Algorithm]
sha1RSA(1.2.840.113549.1.1.5)
[Public Key]
Algorithm: RSA
Length: 2048
Key Blob: 30 82 01 0a 02 82 01 01 00 b9 28 16 ea 58 d5 74 5f 2f 71 f1 b0 5d be a8 fb 87 90 6a e9 90 ef 46 8a d0 ae 0f e9 77 17 d5 5b 23 44 82 25 97 a1 2e b0 88 65 5f 6e 2e 42 4d 4e c9 d8 b7 df 43 63 ca 37 ab 80 a6 65 18 b0 6b 62 19 a1 a8 31 23 8c 5d a7 3b 32 65 eb 64 32 4e ff fb 8e 2f 77 d3 97 b2 b3 a7 4c d8 65 fa 18 73 86 3c 79 4e 19 55 e1 b3 28 1c 0c 52 34 ce d9 58 2b f4 c1 ae 0f 38 b2 29 37 ae e6 36 1f b5 89 90 af d8 68 89 c1 87 e5 34 80 13 3a 79 d5 d6 d5 f8 7d 6e ef a6 d2 c7 e0 be c9 2a 88 c3 f2 34 e3 ....
2011-08-01 21:40:23.546 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Certificate is of type X509Certificate2 and contains the private key.
2011-08-01 21:40:23.593 - System.Net Information: 0 : [1440] Using the cached credential handle.
2011-08-01 21:40:23.640 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:23.702 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=109, returned code=ContinueNeeded).
2011-08-01 21:40:23.765 - System.Net Information: 0 : [1440] ConnectStream#28913487 - Sending headers
{
Accept-Encoding: gzip,gzip
Mo-Version: 2.2.0-SNAPSHOT
User-Agent: xyz
Content-Type: text/xml;charset=UTF-8
Host: mo.dev.xyz.eu:9969
}.
2011-08-01 21:40:23.811 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 59e7b10:920a0, targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:23.952 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
2011-08-01 21:40:24.030 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 59e7b10:920a0, targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:24.093 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
2011-08-01 21:40:24.140 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 59e7b10:920a0, targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:24.186 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=310, returned code=ContinueNeeded).
2011-08-01 21:40:24.280 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 59e7b10:920a0, targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:24.327 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded).
2011-08-01 21:40:24.390 - System.Net Information: 0 : [1440] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = 59e7b10:920a0, targetName = mo.dev.xyz.eu, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation)
2011-08-01 21:40:24.436 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=OK).
2011-08-01 21:40:24.515 - System.Net Information: 0 : [1440] Remote certificate: [Version]
V3
[Subject]
CN=*.dev.xyz.eu, OU=EIB-Servers, O=xyz
Simple Name: *.dev.xyz.eu
DNS Name: *.dev.xyz.eu
[Issuer]
CN=AC-INT-SERVEURS, OU=EIB, O=xyz
Simple Name: AC-INT-SERVEURS
DNS Name: AC-INT-SERVEURS
[Serial Number]
00FDF961
[Not Before]
13/10/2010 17:40:31
[Not After]
13/10/2020 17:40:31
[Thumbprint]
930C9B8BBEBC0F96D19B1714AA7E6682A8816750
[Signature Algorithm]
sha1RSA(1.2.840.113549.1.1.5)
[Public Key]
Algorithm: RSA
Length: 2048
Key Blob: 30 82 01 0a 02 82 01 01 00 bf e6 03 fe d5 41 ce f1 42 9a a1 cf 2e 53 df 7a 26 d1 0b 8b b1 5d 3b 26 1c e6 fe 8a df bf 44 6b b4 f5 ea e8 74 2a 9a 50 0b b0 3c ac f3 21 59 bf e7 68 c6 6e 59 3e d6 ab 76 52 58 cd f2 9c af dc e6 42 d9 94 b6 7d 41 39 52 19 7b cf 3f 6d 26 bb 76 ea 5d a4 5f b2 ae a4 ef ef a2 3c 17 f2 41 57 9a b5 de 38 5c 13 6e 05 2d a6 3c 21 42 62 68 b3 82 b4 92 4e da 34 f7 83 9f 83 80 0a ab d6 cf b1 bd 6b f2 c0 10 11 04 21 3b 06 5e 21 71 93 ce 12 ba 0e ed 9e 82 d2....
2011-08-01 21:40:24.561 - System.Net Information: 0 : [1440] SecureChannel#41727345 - Remote certificate was verified as valid by the user.
2011-08-01 21:40:24.655 - System.Net Error: 0 : [1440] Decrypt returned SEC_I_RENEGOTIATE.
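
An added example, not part of the original post: a Python script that reads a System.Net trace in the format shown above and reports how many requests each Connection# carried (keep-alive reuse), how many TLS handshakes completed, and where SEC_I_RENEGOTIATE was logged. The function name `analyze` and the sample lines (with shortened object IDs) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the System.Net trace format (object IDs shortened).
SAMPLE = """\
2011-08-01 21:40:22.983 - System.Net Information: 0 : [2320] Associating Connection#1 with HttpWebRequest#10
2011-08-01 21:40:23.702 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=109, returned code=ContinueNeeded).
2011-08-01 21:40:24.436 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=OK).
2011-08-01 21:40:24.655 - System.Net Error: 0 : [1440] Decrypt returned SEC_I_RENEGOTIATE.
2011-08-01 21:40:25.100 - System.Net Information: 0 : [2320] Associating Connection#2 with HttpWebRequest#11
2011-08-01 21:40:25.900 - System.Net Information: 0 : [1440] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=OK).
2011-08-01 21:40:26.400 - System.Net Information: 0 : [2320] Associating Connection#2 with HttpWebRequest#12
"""

# "<date> <time> - System.Net <Level>: 0 : [<thread>] <message>"
LINE = re.compile(r"^(\S+ \S+) - System\.Net (\w+): \d+ : \[(\d+)\] (.*)$")
ASSOC = re.compile(r"Associating Connection#(\d+) with HttpWebRequest#(\d+)")
ISC_RESULT = re.compile(r"InitializeSecurityContext\(In-Buffer.*returned code=(\w+)\)")


def analyze(trace_text):
    """Summarise connection reuse and TLS handshake/renegotiation events."""
    requests_per_conn = defaultdict(list)
    handshakes_completed = 0
    renegotiations = []
    for raw in trace_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line (certificate dump, header block)
        stamp, _level, thread, msg = m.groups()
        assoc = ASSOC.search(msg)
        if assoc:
            requests_per_conn[assoc.group(1)].append(assoc.group(2))
        result = ISC_RESULT.search(msg)
        if result and result.group(1) == "OK":
            handshakes_completed += 1  # SSPI reports the handshake as finished
        if "SEC_I_RENEGOTIATE" in msg:
            renegotiations.append((stamp, thread))
    return {
        "connections": len(requests_per_conn),
        "requests": sum(len(r) for r in requests_per_conn.values()),
        "reused": sorted(c for c, r in requests_per_conn.items() if len(r) > 1),
        "handshakes_completed": handshakes_completed,
        "renegotiations": renegotiations,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

When keep-alive works, `connections` stays well below `requests`; a count close to one connection per request, together with entries in `renegotiations`, matches the symptom described in the post.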