服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 允许从本地连接到HTTPS /端口443协议
Intereting Posts
2网卡,外部和内部。 DHCP和DNS设置 Windows更新不断进行相同的更新 Server 2008 R2,Exchange 2010,WMI错误事件10 caching设备的ISP 绝对encryption,甚至在局域网内 你能使用`TLS1`的特定密码`(EDCHE-RSA-AES256-GCM-SHA384)`证书吗? 更换了存储控制器,现在找不到ESXi ZFS挂载点 转换Ubuntu到XUbuntu 缺lessNFS服务链接? “/ MobileAdmin”应用程序中的服务器错误 什么是“.protect”文件夹和“.pemhtaccess”文件? 在Windows Server Core上重新启动较less,这是真的还是一个神话? 与amazon s3与nginx服务静态文件 VMWare-Mount无法识别虚拟磁盘 如何在Windows 7中更改非pipe理员用户的path

允许从本地连接到HTTPS /端口443协议

我们最近设置了一个新的开发服务器,并且在尝试通过SoapClient实例连接API时遇到了问题。 我想我已经缩小了这个问题,因为新服务器无法使用HTTPS协议build立与网站的连接。

我们有服务器上的中间证书包。

mod_ssl被启用
OpenSSL已启用

当试图做一个安全连接的wget我得到以下错误: 

[root@x ~]# wget --http-user=xxxxx --http-passwd=xxxxx --no-check-certificate 'https://www.xxx.com/dev/aspapi/api.asmx?wsdl' --2014-01-23 11:22:26-- https://www.xxx.com/dev/aspapi/api.asmx?wsdl Resolving www.xxx.com... xxx.xx.xxx.xx Connecting to www.xxx.com|xxx.xx.xxx.xx|:443... connected. Unable to establish SSL connection. [root@x ~]#

当从我们的一台生产服务器运行相同的wget ,响应如预期。

我错过了什么?

如上所示,请参阅下面的s_client的输出:

带有-debug选项的s_client 

 openssl s_client -debug -connect www.xxx.com:443 CONNECTED(00000003) write to 0x1fa8690 [0x1fa9ed0] (263 bytes => 263 (0x107)) 0000 - 16 03 01 01 02 01 00 00-fe 03 03 52 e1 18 ad 33 ...........R...3 0010 - 3a cb e7 5c 23 4d 06 76-b0 90 78 2b 1f 00 1d 85 :..\#Mv.x+.... 0020 - a0 8e b6 98 5a 65 f6 7d-39 cf cb 00 00 94 c0 30 ....Ze.}9......0 0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k 0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...* 0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 12 .&.......=.5.... 0060 - c0 08 00 16 00 13 c0 0d-c0 03 00 0a c0 2f c0 2b ............./.+ 0070 - c0 27 c0 23 c0 13 c0 09-00 a2 00 9e 00 67 00 40 .'.#.........g.@ 0080 - 00 33 00 32 00 9a 00 99-00 45 00 44 c0 31 c0 2d .3.2.....ED1.- 0090 - c0 29 c0 25 c0 0e c0 04-00 9c 00 3c 00 2f 00 96 .).%.......<./.. 00a0 - 00 41 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 .A.............. 00b0 - 00 15 00 12 00 09 00 14-00 11 00 08 00 06 00 03 ................ 00c0 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a .....A.......... 00d0 - 00 06 00 04 00 18 00 17-00 23 00 00 00 0d 00 22 .........#....." 00e0 - 00 20 06 01 06 02 06 03-05 01 05 02 05 03 04 01 . .............. 00f0 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 ................ 0100 - 01 01 00 0f 00 01 01 ....... read from 0x1fa8690 [0x1faf430] (7 bytes => 0 (0x0)) 140276217710408:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 263 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE

-msg选项的s_client 

 openssl s_client -msg -connect www.xxx.com:443 CONNECTED(00000003) >>> TLS 1.2 Handshake [length 0102], ClientHello 01 00 00 fe 03 03 52 e1 18 ff d4 04 98 40 0f 81 ae b0 82 63 69 c8 f7 cb 52 18 41 8b 53 0e cd 8c ec 6a 7c 39 25 e5 00 00 94 c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a3 00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 08 00 16 00 13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 41 00 0b 00 04 03 00 01 02 00 0a 00 06 00 04 00 18 00 17 00 23 00 00 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 140507405506376:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 263 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE

带有-state选项的s_client 

 openssl s_client -msg -connect www.xxx.com:443 CONNECTED(00000003) >>> TLS 1.2 Handshake [length 0102], ClientHello 01 00 00 fe 03 03 52 e1 18 ff d4 04 98 40 0f 81 ae b0 82 63 69 c8 f7 cb 52 18 41 8b 53 0e cd 8c ec 6a 7c 39 25 e5 00 00 94 c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a3 00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 08 00 16 00 13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 41 00 0b 00 04 03 00 01 02 00 0a 00 06 00 04 00 18 00 17 00 23 00 00 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 140507405506376:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 263 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- [root@kestrel CA]# openssl s_client -state -connect www.xxx.com:443 CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A 140674388653896:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 263 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---

您需要获得更多信息(显然),以了解SSL握手失败的原因。 wget -v可能会有所帮助,如果没有的话,可以尝试使用s_client -connect www.xxx.com:443 ,结合使用-state-msg-debug

降级你的openssl版本到最新的1.0.0