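I have a WSO2 Identity Server running on Tomcat, with a self-signed certificate on port 9443 on Ubuntu. I can access it fine from other machines (I just get a warning about the self-signed certificate).
But when I try to access it from the server itself, I get "Unable to establish SSL connection" from wget, "error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:" from openssl, and "Empty reply from server" from curl.
Here is the output of openssl s_client -debug -msg -state -connect localhost:9443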
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x74f540 [0x74f5c0] (225 bytes => 225 (0xE1))
>>> TLS 1.1 [length 00dc]
SSL_connect:unknown state
read from 0x74f540 [0x754b20] (7 bytes => 0 (0x0))
140199307044512:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Here is the connector configuration in server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
bindOnInit="false"
sslProtocol="TLS"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
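Why is there no certificate locally when everything works fine remotely?
Answer 0: (score: 0)
There was a bug with openssl 1.0.1 on Ubuntu that I think is still not fixed. What is your openssl version? If it is 1.0.1, you could try downgrading.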
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371