我正在尝试检查configuration的SSL协议版本。 我在(jbossA7.2)的初始化脚本的standalone.xml和TLsv1中configuration了TLSV1,1.2。 当我尝试运行下面的命令来检查TLS版本时,它给tls1以下的错误,但tls1_2工作正常。
openssl s_client -connect <servername>:<portno> -tls1 CONNECTED(00000003) 140599791617864:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40 140599791617864:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session:
但是在同一台服务器上有类似tls1_2configuration。
openssl s_client -connect <servername>:<portno> -tls1_2 CONNECTED(00000003) depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA verify return:1 ..... ... No client certificate CA names sent Server Temp Key: ECDH, secp521r1, 521 bits --- SSL handshake has read 5217 bytes and written 497 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 .... .. .. Verify return code: 0 (ok) ---
什么东西丢失了,怎样才能解决这个问题。