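SSL read bytes: sslv3 alert handshake_failure

I'm having a problem establishing a connection between the client and the server. I'm using self-signed certificates on both the client and the server. I use the SSL cipher SSLCipherSuite ECDH-ECDSA-AES128-SHA, and some people suggested that I should use the prime256v1 elliptic curve (I don't know what that means). I'm using an Apache Tomcat server. My httpd-ssl virtual host conf looks like this: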
    Listen 4445

    ##
    ## SSL Virtual Host Context
    ##
    Include "conf/httpd-jk.conf"

    <VirtualHost *:4445>

    #General setup for the virtual host
    DocumentRoot "htdocs"
    ServerName ocu1.totalsoft.ro
    ServerAdmin [email protected]
    ErrorLog "logs/error_log"
    TransferLog "logs/access_log"
    CustomLog logs/car2x.log combined

    #JKMount /car2x/* worker1
    JKMount /BTS/* worker1

    #<Location "/car2x/WEB-INF/">
    <Location "/BTS/WEB-INF/">
        deny from all
    </Location>

    JkMountCopy On

    <Directory "htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLProtocol -All +SSLv3 +TLSv1

    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    # See the mod_ssl documentation for a complete list.
    SSLCipherSuite ECDH-ECDSA-AES128-SHA
    #SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+TLSv1:+EXP:+eNULL
    # This is only for allowed ciphers specified within the core service communication document
    #SSLCipherSuite HIGH:+MEDIUM:+LOW:+SSLv3:+TLSv1:+ECDH-ECDSA-AES128-SHA:+ECDHE-ECDSA-AES256-SHA:+ECDH-ECDSA-AES128-SHA256
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #SSLCipherSuite AES128-SHA

    #SSLCertificateFile "conf/server-cert.pem"
    #SSLCertificateFile "conf/resource/server-cert.pem"
    SSLCertificateFile "conf/resource/Bucharest4.pem"
    #SSLCertificateFile "conf/server-dsa.crt"

    #SSLCertificateKeyFile "conf/server-key.pem"
    #SSLCertificateKeyFile "conf/server-key.pem"
    SSLCertificateKeyFile "conf/resource/Bucharest4_key.pem"

    SSLCACertificateFile "conf/ca.pem"
    SSLVerifyClient optional_no_ca

    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLOptions +ExportCertData
    #<FilesMatch "\.(cgi|shtml|phtml|php)$">
    #    SSLOptions +StdEnvVars
    #</FilesMatch>
    <Directory "cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

I'm getting the following error on the client side:

    D/https(1153): INFO TEXT: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
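However, when I try to connect with openssl s_client -ciphers ECDH-ECDSA-AES-SHA -connect ocu1.totalsoft.ro -k, it works?

I can provide Wireshark logs. In that log, I receive a lot of Client Hello messages, but no Server Hello. Instead, I receive an sslv3 alert with number 40 (handshake_failure).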
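An added diagnostic example, not part of the original post: when a capture shows ClientHello records answered only by alert 40, one useful check is whether the client's hello offers the single suite the server is restricted to and, if it sends a supported-groups extension, the prime256v1 (secp256r1) curve. The function names and the sample hello builder are hypothetical, and the input is a constructed record, not the asker's capture.

```python
import struct

# IANA: ECDH-ECDSA-AES128-SHA = suite 0xC004; prime256v1 = secp256r1 = group 23.
SUITE, CURVE, EXT_GROUPS = 0xC004, 23, 10

def parse_client_hello(record: bytes) -> dict:
    """Offered cipher suites and named curves from one TLS handshake record."""
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 39 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + body[pos]                  # session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos + 2))
    pos += 2 + cs_len
    pos += 1 + body[pos]                  # compression methods
    curves = None                         # None: extension absent (e.g. SSLv3)
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == EXT_GROUPS:
                (glen,) = struct.unpack_from("!H", body, pos + 4)
                curves = list(struct.unpack_from("!%dH" % (glen // 2), body, pos + 6))
            pos += 4 + elen
    return {"suites": suites, "curves": curves}

def diagnose(record: bytes) -> list:
    """Reasons a server limited to SUITE/CURVE could not pick from this hello."""
    hello, found = parse_client_hello(record), []
    if SUITE not in hello["suites"]:
        found.append("suite 0xC004 not offered")
    if hello["curves"] is not None and CURVE not in hello["curves"]:
        found.append("secp256r1 not offered")
    return found

def build_hello(suites, curves=None) -> bytes:
    """Constructed sample ClientHello (TLS 1.0) for the demo, not a capture."""
    ext = b""
    if curves is not None:
        groups = struct.pack("!%dH" % len(curves), *curves)
        ext = struct.pack("!HHH", EXT_GROUPS, len(groups) + 2, len(groups)) + groups
        ext = struct.pack("!H", len(ext)) + ext
    cs = struct.pack("!%dH" % len(suites), *suites)
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00" + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

An empty result from `diagnose` only rules out these two mismatches; the server's certificate key type and curve still have to match the suite.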