Random Die Anfrage wurde abgebrochen: Sicherer SSL/TLS-Kanal konnte nicht erstellt werden. Zurückgegebene code = MessageAltered

Question

In einer von rund tausend HTTPS-Anfragen, wird folgende Ausnahme ausgelöst:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. 
    at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request) 
    at System.Net.WebClient.DownloadString(Uri address) 

die Protokolle von System.Net aussehen wie folgt:

2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] Associating HttpWebRequest#37618637 with ServicePoint#28841767 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] Associating Connection#16407032 with HttpWebRequest#37618637 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net.Sockets | [2688] Socket#42531032 - Created connection from x.x.x.x:12345 to y.y.y.y:443. 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] Connection#16407032 - Created connection from x.x.x.x:12345 to y.y.y.y:443. 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] TlsStream#54603865::.ctor(host=www.remoteservice.com, #certs=0) 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] Associating HttpWebRequest#37618637 with ConnectStream#27023101 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] HttpWebRequest#37618637 - Request: GET /api/v3/method HTTP/1.1 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] ConnectStream#27023101 - Sending headers 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] SecureChannel#66031633::.ctor(hostname=www.remoteservice.com, #clientCertificates=0, encryptionPolicy=RequireEncryption) 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] SecureChannel#66031633 - Left with 0 client certificates to choose from. 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] Using the cached credential handle. 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.1031 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=379, returned code=ContinueNeeded). 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505f981f0, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505f981f0, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505f981f0, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:10:17.1656 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505f981f0, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.4937 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=574, returned code=ContinueNeeded). 
2016-09-20 15:10:17.5562 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505f981f0, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:10:17.5562 | INFO | 72 | System.Net | [2688] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=MessageAltered). 
2016-09-20 15:10:17.5562 | ERROR | 72 | System.Net | [2688] Exception in HttpWebRequest#37618637:: - The request was aborted: Could not create SSL/TLS secure channel.. 
2016-09-20 15:10:17.5562 | ERROR | 72 | System.Net | [2688] Exception in HttpWebRequest#37618637::GetResponse - The request was aborted: Could not create SSL/TLS secure channel.. 
2016-09-20 15:10:17.5562 | ERROR | 72 | System.Net | [2688] Exception in HttpWebRequest#37618637:: - The request was aborted: The request was canceled.. 

Die InitializeSecurityContext Enden mit der Zeile:

InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=MessageAltered) 

Zum Vergleich, hier ist einer der erfolgreichsten HTTPS ruft:

2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] Associating HttpWebRequest#23767080 with ServicePoint#28841767 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] Associating Connection#23643787 with HttpWebRequest#23767080 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net.Sockets | [1900] Socket#66957105 - Created connection from x.x.x.x:12345 to y.y.y.y:443. 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] Connection#23643787 - Created connection from x.x.x.x:12345 to y.y.y.y:443. 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] TlsStream#51402822::.ctor(host=www.remoteservice.com, #certs=0) 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] Associating HttpWebRequest#23767080 with ConnectStream#55741749 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] HttpWebRequest#23767080 - Request: GET /api/v3/method/123 HTTP/1.1 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] ConnectStream#55741749 - Sending headers 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] SecureChannel#20739431::.ctor(hostname=www.remoteservice.com, #clientCertificates=0, encryptionPolicy=RequireEncryption) 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] SecureChannel#20739431 - Left with 0 client certificates to choose from. 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] Using the cached credential handle. 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = (null), targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:21.9128 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffer length=0, Out-Buffer length=379, returned code=ContinueNeeded). 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:11:21.9909 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:22.3190 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=574, returned code=ContinueNeeded). 
2016-09-20 15:11:22.3815 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=ContinueNeeded). 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(credential = System.Net.SafeFreeCredential_SECURITY, context = e239863c90:3505fb0480, targetName = www.remoteservice.com, inFlags = ReplayDetect, SequenceDetect, Confidentiality, AllocateMemory, InitManualCredValidation) 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=OK). 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] Remote certificate: [Version] V3 (more info on certificate here) 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] SecureChannel#20739431 - Remote certificate was verified as valid by the user. 
2016-09-20 15:11:22.7878 | INFO | 47 | System.Net | [1900] ProcessAuthentication(Protocol=Tls12, Cipher=Aes256 256 bit strength, Hash=32781 0 bit strength, Key Exchange=DiffieHellman 4096 bit strength). 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] Connection#23643787 - Received status line: Version=1.1, StatusCode=200, StatusDescription=OK. 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] Connection#23643787 - Received headers 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] ConnectStream#43287324::ConnectStream(Buffered -1 bytes.) 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] Associating HttpWebRequest#23767080 with ConnectStream#43287324 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] Associating HttpWebRequest#23767080 with HttpWebResponse#32954516 
2016-09-20 15:11:22.8971 | INFO | 47 | System.Net | [1900] ContentLength=-1 

Die Servicepoint wie folgt konfiguriert ist:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls; 
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true; 
ServicePointManager.Expect100Continue = false; 
ServicePointManager.DefaultConnectionLimit = 24; 

.NET Framework-Version ist 4.5.

Haben Sie eine Idee, warum das passieren kann?

Answer 1

Aus Schannel Sicht bedeutet MessageAltered: TLS1_ALERT_BAD_RECORD_MAC die gemäß RFC 5246: https://tools.ietf.org/html/rfc5246 bedeutet:

bad_record_mac Diese Warnung, wenn ein Datensatz mit einem falschen MAC empfangen wird zurückgegeben. Diese Warnung muss auch zurückgegeben werden, wenn eine Warnung gesendet wird, weil ein TLSCiphertext in einer ungültigen Weise entschlüsselt: entweder war es kein sogar mehrere der Blocklänge, oder seine Füllwerte, wenn überprüft, waren nicht korrekt. Diese Nachricht ist immer fatal und sollte niemals in der Kommunikation zwischen korrekten Implementierungen beobachtet werden (außer wenn Nachrichten im Netzwerk beschädigt wurden).

Die empfangene Nachricht scheint auf eine Weise beschädigt zu sein, die zum Fehler führt - weil die Entschlüsselung nicht durchgeführt werden kann. Wahrscheinlich müssen Sie sich an den Serverhersteller wenden, um die Seite des Problems zu korrigieren, oder wenn Sie die Serverbenutzer nicht beeinflussen können, versuchen Sie die Anforderung erneut, vorausgesetzt, die nachfolgende Anforderung ist erfolgreich.