我在Stupnel上运行了一个Raspberry Pi,它是apache2服务器的TLS包装器。 我已经configuration它使用TLS-PSK (正确的,我认为),但是当我尝试完成TLS握手时,日志显示如下:
2016.04.11 21:05:53 LOG7[0]: Service [PSK_server] started 2016.04.11 21:05:53 LOG5[0]: Service [PSK_server] accepted connection from 192.168.42.10:4097 2016.04.11 21:05:53 LOG7[0]: SSL state (accept): before/accept initialization 2016.04.11 21:05:53 LOG7[0]: SNI: no virtual services defined 2016.04.11 21:05:53 LOG7[0]: SSL alert (write): fatal: protocol version 2016.04.11 21:05:53 LOG3[0]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2016.04.11 21:05:53 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2016.04.11 21:05:53 LOG7[0]: Deallocating application specific data for addr index 2016.04.11 21:05:53 LOG7[0]: Local descriptor (FD=3) closed 2016.04.11 21:05:53 LOG7[0]: Service [PSK_server] finished (0 left)</code> 我检查了Wireshark,我发送的数据包都是TLS 1.2。
我的stunnelconfiguration文件如下所示:
output = /etc/stunnel/stunnel.log client = no fips = no ciphers = PSK PSKsecrets = /home/psk.txt debug = 7 sslVersion = TLSv1.2 [PSK_server] accept = PSK_server connect = 80
它发送一个TLS致命的警报数据包,错误代码为70(这是protocol_version,所以它没有告诉我太多的日志)
有点奇怪; 我可以发送Client Hello消息,服务器发送Server Hello和Server Hello Done没有问题。 只有当我发送我的客户端密钥交换消息,我得到警报。 任何帮助/build议,将不胜感激!
我会降级TLS版本
这是从一个覆盆子pi我的工作
options = NO_SSLv2 options = NO_SSLv3 CAFile = /etc/stunnel/server.crt cert = /etc/stunnel/server.crt key = /etc/stunnel/server.key pid = /var/run/stunnel.pid output = /var/log/stunnel verify = 4 debug = 5 [SERVICE] client = yes accept = 127.0.0.1:9200 connect = SERVER.com:1111