Configure Transport Layer Security (TLS) for a client application

For security purposes, an Azure Storage account may require that clients use a minimum version of Transport Layer Security (TLS) to send requests. Calls to Azure Storage will fail if the client is using a version of TLS that is lower than the minimum required version. For example, if a storage account requires TLS 1.2, then a request sent by a client that is using TLS 1.1 will fail.

This article describes how to configure a client application to use a particular version of TLS. For information about how to configure a minimum required version of TLS for an Azure Storage account, see Configure minimum required version of Transport Layer Security (TLS) for a storage account.

Configure the client TLS version

For a client to send a request with a particular version of TLS, the operating system must support that version.

The following examples show how to set the client's TLS version to 1.2 from PowerShell or .NET. The .NET Framework used by the client must support TLS 1.2. For more information, see Support for TLS 1.2.

The following sample shows how to enable TLS 1.2 in a PowerShell client:

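# Placeholders: replace with your own resource group and storage account names.
$rgName = "<resource-group-name>"
$accountName = "<storage-account-name>"

# Set the TLS version used by the PowerShell client to TLS 1.2.
# This setting applies to the current PowerShell session only.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

# Create a new container.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName
$ctx = $storageAccount.Context
New-AzStorageContainer -Name "sample-container" -Context $ctx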

Verify the TLS version used by a client

To verify that the client used the specified version of TLS to send a request, you can use Fiddler or a similar tool. Open Fiddler to start capturing client network traffic, then execute one of the examples in the previous section. Look at the Fiddler trace to confirm that the correct version of TLS was used to send the request, as shown in the following image.

Screenshot showing a Fiddler trace that indicates the version of TLS used on the request
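The negotiated version can also be checked from the client itself, without a proxy trace. The following is an added example, not part of the original article: `Get-NegotiatedTls` is a hypothetical helper name and the endpoint host is a placeholder. It performs only a TLS handshake and sends no storage request, so it shows what the client and operating system can negotiate, not whether the account accepts the request.

```powershell
# Added example: Get-NegotiatedTls is a hypothetical helper, not an Az cmdlet.
function Get-NegotiatedTls {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        # Protocol versions the client is allowed to offer during this probe.
        [System.Security.Authentication.SslProtocols] $Offer =
            [System.Security.Authentication.SslProtocols]::Tls12
    )

    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)
        # Second argument $false: disposing the SslStream also closes the socket stream.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        try {
            # Default certificate validation stays on; the last argument requests
            # a certificate revocation check. No client certificate is sent.
            $ssl.AuthenticateAsClient($HostName, $null, $Offer, $true)
            [pscustomobject]@{
                Host       = $HostName
                Offered    = $Offer
                Negotiated = $ssl.SslProtocol   # version actually agreed on
                Succeeded  = $true
                Error      = $null
            }
        }
        finally { $ssl.Dispose() }
    }
    catch {
        # Reached when the connection or the handshake fails, for example
        # because the operating system does not support the offered version.
        [pscustomobject]@{
            Host       = $HostName
            Offered    = $Offer
            Negotiated = $null
            Succeeded  = $false
            Error      = $_.Exception.Message
        }
    }
    finally { $tcp.Dispose() }
}

# Placeholder host: substitute the blob endpoint of your own storage account.
$endpoint = "<storage-account-name>.blob.core.windows.net"
Get-NegotiatedTls -HostName $endpoint -Offer Tls12            # offer TLS 1.2 only
Get-NegotiatedTls -HostName $endpoint -Offer "Tls11, Tls12"   # shows which version is selected
```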

Next steps