端口更改的Openssl错误

Question

非常简单的问题。我正在尝试使用Ruby中的OpenSSL来连接服务，但是会出错。

当我使用以下命令时：

openssl s_client -ssl3 -showcerts -connect example.com:443 -tls1 -cipher 'DHE-RSA-AES256-SHA' -nbio_test -state

效果很好！证书会显示所有正确的信息。

但是当我这样做时：

openssl s_client -ssl3 -showcerts -connect example.com:13902 -tls1 -cipher 'DHE-RSA-AES256-SHA' -nbio_test -state

我收到以下错误：

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:error in SSLv3 write client hello B
write W BLOCK
SSL_connect:SSLv3 write client hello B
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
140735228511072:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140735228511072:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1408456884
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

两个命令之间唯一改变的是端口。其他标志直接从成功请求中复制。换句话说，我先做openssl s_client -showcerts -connect example.com:443，然后将ssl版本，tls版本和密码复制到后两个命令中。

这是openssl或证书的问题吗？如果证书有问题，我该如何解决？ （它是什么？）

---

PS。我能够使用以下代码很好地连接Java，但仍然需要找到一种Ruby方式：

public static void main(String[] args) throws NoSuchAlgorithmException,
        KeyManagementException, IOException {

    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public void checkClientTrusted(X509Certificate[] certs,
                String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs,
                String authType) {
        }
    } };

    final SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    HostnameVerifier allHostsValid = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

    URL url = new URL("https://example.com:13902");
    URLConnection con = url.openConnection();
    final Reader reader = new InputStreamReader(con.getInputStream());
    final BufferedReader br = new BufferedReader(reader);
    String line = "";
    while ((line = br.readLine()) != null) {
        System.out.println(line);
    }
    br.close();
}

Answer 1

想出来。同时指定了tls1和ssl3。需要指定tls1。谢谢Aria！