我使用以下配置部署了一个nginx Web服务
server {
listen 443;
server_name localhost;
root html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/current.crt;
ssl_certificate_key /etc/nginx/ssl/current.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://172.16.9.245:33400;
}
location /csconf/ {
proxy_pass http://172.16.9.245:33200;
}
location /websockets/ {
proxy_pass http://172.16.9.245:33143;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
我的客户尝试使用C代码连接到此websocket
.....
const SSL_METHOD *meth = SSLv3_method();
SslCtx = SSL_CTX_new(meth);
SSL_CTX_set_options(SslCtx, SSL_OP_NO_COMPRESSION);
SSL_CTX_set_cipher_list(SslCtx, "RC4-SHA:DEC-CBC3-SHA:DES-CBC-SHA");
.....
int ret = SSL_connect(obj->ssl);
它抛出"错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败:s23_clnt.c:741:"
为什么握手错误?请帮我解释一下这个问题。
由于
答案 0 :(得分:0)
我不确定这是否是原因,但它修复了我得到的握手错误:
更改
proxy_set_header Connection "upgrade";
到首都Upgrade
proxy_set_header Connection "Upgrade";