如何在linux上将安全websocket(wss://)隧道传送到不安全的websocket(ws://)(stunnel?)

时间:2014-09-03 12:22:49

标签: ssl https websocket stunnel

我有一个古老的套接字服务器脚本,它只能使用不安全的ws://套接字。

我将我的网站升级为使用https://,并且不再可以使用与ws://的websocket连接,浏览器生成错误消息,连接被阻止,我必须使用wss://

我正在使用linux(centos)。有没有什么容易从wss://到两个端口上的ws://设置隧道?

我找到了stunnel,但是我无法让它正常工作,是否有其他方法可以做到这一点?

我用stunnel尝试了什么:

[websocket]
accept = 9301
connect = localhost:9300

我也尝试过:

[https]
accept  = www.flirtzo.eu:9001
connect = localhost:9000

但我没有成功。我希望有人知道一个正确的解决方案或修复。非常感谢你。

[编辑] 这是来自stunnel的日志文件:

2014.09.04 12:45:33 LOG7[52433:139838877431744]: Snagged 64 random bytes from /root/.rnd
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Wrote 1024 new random bytes to /root/.rnd
2014.09.04 12:45:33 LOG7[52433:139838877431744]: RAND_status claims sufficient entropy for the PRNG
2014.09.04 12:45:33 LOG7[52433:139838877431744]: PRNG seeded successfully
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Certificate: /home/flirtzo/ssl.cert
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Certificate loaded
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Key file: /home/flirtzo/ssl.key
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Private key loaded
2014.09.04 12:45:33 LOG7[52433:139838877431744]: SSL context initialized for service websocket
2014.09.04 12:45:33 LOG5[52433:139838877431744]: stunnel 4.29 on x86_64-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010
2014.09.04 12:45:33 LOG5[52433:139838877431744]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2014.09.04 12:45:33 LOG6[52433:139838877431744]: file ulimit = 1024 (can be changed with 'ulimit -n')
2014.09.04 12:45:33 LOG6[52433:139838877431744]: poll() used - no FD_SETSIZE limit for file descriptors
2014.09.04 12:45:33 LOG5[52433:139838877431744]: 500 clients allowed
2014.09.04 12:45:33 LOG7[52433:139838877431744]: FD 10 in non-blocking mode
2014.09.04 12:45:33 LOG7[52433:139838877431744]: FD 11 in non-blocking mode
2014.09.04 12:45:33 LOG7[52433:139838877431744]: FD 12 in non-blocking mode
2014.09.04 12:45:33 LOG7[52433:139838877431744]: SO_REUSEADDR option set on accept socket
2014.09.04 12:45:33 LOG7[52433:139838877431744]: websocket bound to 0.0.0.0:9301
2014.09.04 12:45:33 LOG7[52433:139838877431744]: Created pid file /var/run/stunnel_websocket.pid
2014.09.04 12:45:36 LOG7[52433:139838877431744]: websocket accepted FD=13 from 78.165.105.183:58507
2014.09.04 12:45:36 LOG7[52433:139838877427456]: websocket started
2014.09.04 12:45:36 LOG7[52433:139838877427456]: FD 13 in non-blocking mode
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Waiting for a libwrap process
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Acquired libwrap process #0
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Releasing libwrap process #0
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Released libwrap process #0
2014.09.04 12:45:36 LOG7[52433:139838877427456]: websocket permitted by libwrap from 78.165.105.183:58507
2014.09.04 12:45:36 LOG5[52433:139838877427456]: websocket accepted connection from 78.165.105.183:58507
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): before/accept initialization
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 read client hello A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write server hello A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write certificate A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write server done A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 flush data
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 read client key exchange A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 read finished A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write session ticket A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write change cipher spec A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 write finished A
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL state (accept): SSLv3 flush data
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 items in the session cache
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 client connects (SSL_connect())
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 client connects that finished
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 client renegotiations requested
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    1 server connects (SSL_accept())
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    1 server connects that finished
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 server renegotiations requested
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 session cache hits
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 external session cache hits
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 session cache misses
2014.09.04 12:45:36 LOG7[52433:139838877427456]:    0 session cache timeouts
2014.09.04 12:45:36 LOG6[52433:139838877427456]: SSL accepted: new session negotiated
2014.09.04 12:45:36 LOG6[52433:139838877427456]: Negotiated ciphers: AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.09.04 12:45:36 LOG7[52433:139838877427456]: FD 14 in non-blocking mode
2014.09.04 12:45:36 LOG6[52433:139838877427456]: connect_blocking: connecting 127.0.0.1:9300
2014.09.04 12:45:36 LOG7[52433:139838877427456]: connect_blocking: s_poll_wait 127.0.0.1:9300: waiting 10 seconds
2014.09.04 12:45:36 LOG5[52433:139838877427456]: connect_blocking: connected 127.0.0.1:9300
2014.09.04 12:45:36 LOG5[52433:139838877427456]: websocket connected remote server from 127.0.0.1:39519
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Remote FD=14 initialized
2014.09.04 12:45:36 LOG7[52433:139838877427456]: SSL socket closed on SSL_read
2014.09.04 12:45:36 LOG7[52433:139838877427456]: Socket write shutdown
2014.09.04 12:45:36 LOG5[52433:139838877427456]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2014.09.04 12:45:36 LOG7[52433:139838877427456]: websocket finished (0 left)

[端口stunnel上的tcpdump正在侦听9301]

13:25:18.853411 IP 78.165.105.183.dynamic.ttnet.com.tr.60291 > s1.flirtzo.eu.9301: Flags [S], seq 3851820594, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
    0x0000:  4500 0034 5921 4000 7406 b390 4ea5 69b7
    0x0010:  5fd3 e1e2 eb83 2455 e596 1e32 0000 0000
    0x0020:  8002 2000 4164 0000 0204 05ac 0103 0308
    0x0030:  0101 0402
13:25:18.853430 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [S.], seq 3606802872, ack 3851820595, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    0x0000:  4500 0034 0000 4000 4006 40b2 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 71b8 e596 1e33
    0x0020:  8012 3908 df8f 0000 0204 05b4 0101 0402
    0x0030:  0103 0307
13:25:18.925957 IP 78.165.105.183.dynamic.ttnet.com.tr.60291 > s1.flirtzo.eu.9301: Flags [.], ack 1, win 64, length 0
    0x0000:  4500 0028 592b 4000 7406 b392 4ea5 69b7
    0x0010:  5fd3 e1e2 eb83 2455 e596 1e33 d6fb 71b9
    0x0020:  5010 0040 592a 0000 0000 0000 0000
13:25:18.929145 IP 78.165.105.183.dynamic.ttnet.com.tr.60291 > s1.flirtzo.eu.9301: Flags [P.], seq 1:157, ack 1, win 64, length 156
    0x0000:  4500 00c4 592c 4000 7406 b2f5 4ea5 69b7
    0x0010:  5fd3 e1e2 eb83 2455 e596 1e33 d6fb 71b9
    0x0020:  5018 0040 aac7 0000 1603 0100 9701 0000
    0x0030:  9303 03ca 462a f6f4 8c02 b904 a7bb 6bcc
    0x0040:  7031 a59d 2763 dc72 e3b6 3990 6490 442d
    0x0050:  af33 a200 0028 c02b c02f 009e cc14 cc13
    0x0060:  c00a c009 c013 c014 c007 c011 0033 0032
    0x0070:  0039 009c 002f 0035 000a 0005 0004 0100
    0x0080:  0042 ff01 0001 0000 0a00 0800 0600 1700
    0x0090:  1800 1900 0b00 0201 0000 2300 0075 5000
    0x00a0:  0000 0500 0501 0000 0000 0012 0000 000d
    0x00b0:  0012 0010 0401 0501 0201 0403 0503 0203
    0x00c0:  0402 0202
13:25:18.929162 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [.], ack 157, win 123, length 0
    0x0000:  4500 0028 c34b 4000 4006 7d72 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 71b9 e596 1ecf
    0x0020:  5010 007b 5853 0000
13:25:18.932573 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [.], seq 1:1453, ack 157, win 123, length 1452
    0x0000:  4500 05d4 c34c 4000 4006 77c5 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 71b9 e596 1ecf
    0x0020:  5010 007b ffd8 0000 1603 0300 3d02 0000
    0x0030:  3903 0354 084c 1ec7 2b57 eac5 c7bc 4747
    0x0040:  6cc9 bb68 3450 2af1 348c 6287 fa30 efec
    0x0050:  b734 f400 c02f 0000 11ff 0100 0100 000b
    0x0060:  0004 0300 0102 0023 0000 1603 0305 380b
    0x0070:  0005 3400 0531 0005 2e30 8205 2a30 8204
    0x0080:  12a0 0302 0102 0203 14f7 2030 0d06 092a
    0x0090:  8648 86f7 0d01 0105 0500 303c 310b 3009
    0x00a0:  0603 5504 0613 0255 5331 1730 1506 0355
    0x00b0:  040a 130e 4765 6f54 7275 7374 2c20 496e
    0x00c0:  632e 3114 3012 0603 5504 0313 0b52 6170
    0x00d0:  6964 5353 4c20 4341 301e 170d 3134 3039
    0x00e0:  3031 3037 3533 3231 5a17 0d31 3530 3930
    0x00f0:  3332 3330 3031 305a 3081 bb31 2930 2706
    0x0100:  0355 0405 1320 6d74 4e70 776d 682d 474b
    0x0110:  3745 506b 756d 4750 7247 3771 6b62 6778
    0x0120:  3151 4b66 3249 3113 3011 0603 5504 0b13
    0x0130:  0a47 5431 3233 3733 3831 3731 3130 2f06
    0x0140:  0355 040b 1328 5365 6520 7777 772e 7261
    0x0150:  7069 6473 736c 2e63 6f6d 2f72 6573 6f75
    0x0160:  7263 6573 2f63 7073 2028 6329 3134 312f
    0x0170:  302d 0603 5504 0b13 2644 6f6d 6169 6e20
    0x0180:  436f 6e74 726f 6c20 5661 6c69 6461 7465
    0x0190:  6420 2d20 5261 7069 6453 534c 2852 2931
    0x01a0:  1530 1306 0355 0403 0c0c 2a2e 666c 6972
    0x01b0:  747a 6f2e 6575 3082 0122 300d 0609 2a86
    0x01c0:  4886 f70d 0101 0105 0003 8201 0f00 3082
    0x01d0:  010a 0282 0101 00a0 563b 974b d126 329b
    0x01e0:  7b13 d82c f848 f21f 810c dd7e a8f6 f971
    0x01f0:  406c 8f1f 04c0 23de a16d eccc 9093 ae76
    0x0200:  c4db afab abfa 0a38 e18e a56d 998b 6355
    0x0210:  a7dd f4a1 e3d1 0009 4e01 9e6a fb45 016c
    0x0220:  0701 8968 efa3 8ae2 8931 2a5a d560 f6a4
    0x0230:  e5f9 04f6 4bac d20b 5045 9991 453d 1ddd
    0x0240:  2c6f 119a 604d df10 a5a0 37c4 c906 6f5c
    0x0250:  27dc a9ce b44d 1286 4ef1 16d7 885d d468
    0x0260:  b3ff 5f68 b9d0 addf 856f 9b37 655f 85cc
    0x0270:  2553 11f9 b791 a1d6 a97d 4b7b f79c 2cf4
    0x0280:  9965 b353 efb5 219e 9ad5 30cc 4a9f 8572
    0x0290:  6a11 82d7 d5d6 e53b 45e1 9b77 a905 129c
    0x02a0:  7818 30fd 0bc6 b26d 4f0b 8f43 81bb 3f46
    0x02b0:  6c53 c4a3 69ba e6e5 8697 d82f aa33 8c03
    0x02c0:  0f67 7188 110d 2641 dc8e 860c 8170 dd47
    0x02d0:  c3a6 11dc 2434 e502 0301 0001 a382 01b3
    0x02e0:  3082 01af 301f 0603 551d 2304 1830 1680
    0x02f0:  146b 693d 6a18 424a dd8f 0265 39fd 3524
    0x0300:  8678 9116 3030 0e06 0355 1d0f 0101 ff04
    0x0310:  0403 0205 a030 1d06 0355 1d25 0416 3014
    0x0320:  0608 2b06 0105 0507 0301 0608 2b06 0105
    0x0330:  0507 0302 3023 0603 551d 1104 1c30 1a82
    0x0340:  0c2a 2e66 6c69 7274 7a6f 2e65 7582 0a66
    0x0350:  6c69 7274 7a6f 2e65 7530 4306 0355 1d1f
    0x0360:  043c 303a 3038 a036 a034 8632 6874 7470
    0x0370:  3a2f 2f72 6170 6964 7373 6c2d 6372 6c2e
    0x0380:  6765 6f74 7275 7374 2e63 6f6d 2f63 726c
    0x0390:  732f 7261 7069 6473 736c 2e63 726c 301d
    0x03a0:  0603 551d 0e04 1604 1431 c610 096f ea04
    0x03b0:  6ab1 6307 e138 3f01 65e3 6f3b 6c30 0c06
    0x03c0:  0355 1d13 0101 ff04 0230 0030 7806 082b
    0x03d0:  0601 0505 0701 0104 6c30 6a30 2d06 082b
    0x03e0:  0601 0505 0730 0186 2168 7474 703a 2f2f
    0x03f0:  7261 7069 6473 736c 2d6f 6373 702e 6765
    0x0400:  6f74 7275 7374 2e63 6f6d 3039 0608 2b06
    0x0410:  0105 0507 3002 862d 6874 7470 3a2f 2f72
    0x0420:  6170 6964 7373 6c2d 6169 612e 6765 6f74
    0x0430:  7275 7374 2e63 6f6d 2f72 6170 6964 7373
    0x0440:  6c2e 6372 7430 4c06 0355 1d20 0445 3043
    0x0450:  3041 060a 6086 4801 86f8 4501 0736 3033
    0x0460:  3031 0608 2b06 0105 0507 0201 1625 6874
    0x0470:  7470 3a2f 2f77 7777 2e67 656f 7472 7573
    0x0480:  742e 636f 6d2f 7265 736f 7572 6365 732f
    0x0490:  6370 7330 0d06 092a 8648 86f7 0d01 0105
    0x04a0:  0500 0382 0101 000d ec47 3465 2a34 27d8
    0x04b0:  9662 8b8b d5fa 0086 ebdd 78c4 1a27 08b4
    0x04c0:  8701 fc9a a99e cc09 f16e 9a40 c6e3 533a
    0x04d0:  1f40 d317 3c25 51ba cec3 0da5 d448 71ee
    0x04e0:  d156 a7a0 4bbf a374 da73 0cd7 1996 2464
    0x04f0:  2ece 1a64 c53f ea6f 5e32 4d9c 0cb0 e527
    0x0500:  4c9b 7eba ba1e 1557 1b07 f848 421f 750c
    0x0510:  fcab 4a0e afac 29c0 499e f0d9 acd9 52e4
    0x0520:  6209 974f 042d 1f03 ccbc 5004 f21a b775
    0x0530:  a11f 12f4 1f4a 11c5 ebd1 8f73 39c6 de45
    0x0540:  64f3 512b d3bc 697e 6240 f118 a11b b9ce
    0x0550:  5100 00d2 0880 0179 7e0b a884 04c7 d7e5
    0x0560:  bfa2 dbab d8a9 4f7a 17f8 7bd8 1a0e cf67
    0x0570:  9680 878c a566 ad4e 5983 f4a8 a73b c58b
    0x0580:  db4a 1b18 eae0 9070 68f1 ade4 c7a2 c68b
    0x0590:  4c8e 9fc3 06e2 6833 fdd0 f4e1 98d3 5c54
    0x05a0:  112f 2a51 9d1f 8a16 0303 014d 0c00 0149
    0x05b0:  0300 1741 04e2 a5a0 5820 ab18 426c 6f74
    0x05c0:  4783 0203 40c6 33eb 97b5 5f0b eaef cab5
    0x05d0:  45fe 3242
13:25:18.932580 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [P.], seq 1453:1755, ack 157, win 123, length 302
    0x0000:  4500 0156 c34d 4000 4006 7c42 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 7765 e596 1ecf
    0x0020:  5018 007b fb5a 0000 9644 7c9c d18f c2e0
    0x0030:  0ff8 8ae7 6f8a 1b13 d88d 81fe a956 e8f9
    0x0040:  a382 cd4e f34f 4775 a904 0101 006b 4e33
    0x0050:  d907 216b cf2e 2c7d 138c df69 3e51 a902
    0x0060:  8382 c6df a26f 6c00 b716 b2ae ea76 e47c
    0x0070:  a377 3684 0fc8 ee33 5d57 24cb 0243 4f94
    0x0080:  bea6 1019 5a3a 2966 a3d3 9bc8 191c c7eb
    0x0090:  5402 a886 4365 2bfc 2abd 59c6 97a6 70d1
    0x00a0:  02e3 a1b3 7356 89e4 bbe4 c5fe 4e03 764c
    0x00b0:  5315 2e75 cb29 4167 a42c e2c6 6362 317d
    0x00c0:  ac86 1e40 d8af dbb4 021d 1216 4fc4 72f6
    0x00d0:  772c 214f c1f6 204c a673 634d 141f 221d
    0x00e0:  039f 729c 03e9 250a 10d1 134a 7047 0fa9
    0x00f0:  9180 3664 92da c4ed 19bb 9e4f 66f8 90fb
    0x0100:  f52c 1d79 dc47 5a84 73e5 8871 cca4 0ce2
    0x0110:  ecc8 db69 f4f0 515f 228e 5549 9b64 99ff
    0x0120:  1d5b 3865 0df0 a836 97d5 171a 100c cb55
    0x0130:  3639 0f52 7fd0 7526 ebb6 067d 1752 245f
    0x0140:  9dea c068 02ee 8ada 57b1 4f6e a616 0303
    0x0150:  0004 0e00 0000
13:25:19.028901 IP 78.165.105.183.dynamic.ttnet.com.tr.60291 > s1.flirtzo.eu.9301: Flags [.], ack 1755, win 64, length 0
    0x0000:  4500 0028 5936 4000 7406 b387 4ea5 69b7
    0x0010:  5fd3 e1e2 eb83 2455 e596 1ecf d6fb 7893
    0x0020:  5010 0040 51b4 0000 0000 0000 0000
13:25:19.032832 IP 78.165.105.183.dynamic.ttnet.com.tr.60291 > s1.flirtzo.eu.9301: Flags [P.], seq 157:283, ack 1755, win 64, length 126
    0x0000:  4500 00a6 5938 4000 7406 b307 4ea5 69b7
    0x0010:  5fd3 e1e2 eb83 2455 e596 1ecf d6fb 7893
    0x0020:  5018 0040 d8e2 0000 1603 0300 4610 0000
    0x0030:  4241 0480 e743 b4ca d486 fc66 f233 d481
    0x0040:  1466 d2c6 132c b9de 696d 69fc b6bb efee
    0x0050:  812d bb41 7bf7 5420 888a 6fc6 868a ca1a
    0x0060:  cebf 0730 5d93 4e83 c00f ae8e 0bb1 6daa
    0x0070:  24d5 3414 0303 0001 0116 0303 0028 0000
    0x0080:  0000 0000 0000 f000 d80d c829 2d20 3a03
    0x0090:  e4ca db9c a9d5 0048 6248 716b 171d 4313
    0x00a0:  90fb 13db 1c30
13:25:19.033946 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [P.], seq 1755:1981, ack 283, win 123, length 226
    0x0000:  4500 010a c34e 4000 4006 7c8d 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 7893 e596 1f4d
    0x0020:  5018 007b fb0e 0000 1603 0300 aa04 0000
    0x0030:  a600 0038 4000 a07f 78f8 6c03 ba30 68aa
    0x0040:  2525 c10a c48c b360 cc25 1cb2 8d9c ce45
    0x0050:  7127 e55f fefc bb06 6c9f c57e b486 5f50
    0x0060:  3c28 78fa ffc4 baf8 89bc fede 25ce 5f23
    0x0070:  13f4 8ce8 f6dd 6619 f953 44bc d22f 7249
    0x0080:  1041 0c7e be77 5334 df33 5060 242f 2938
    0x0090:  8c7c 4949 760b f290 4224 96a3 04a6 f2ce
    0x00a0:  c415 f804 d0e8 fb80 9cb3 4e82 a231 c65f
    0x00b0:  2089 2244 3456 8162 6abd 6a3b 9301 f4c4
    0x00c0:  2228 2cfa 06e8 b996 418b c2ee fdc9 600f
    0x00d0:  4050 09f1 98c8 3914 0303 0001 0116 0303
    0x00e0:  0028 3078 fb0a 85ce bd8c 8fb1 e4c3 5e2c
    0x00f0:  aaf4 4d69 765e d151 66fb 3550 ff7f f688
    0x0100:  9ea1 0e08 3558 090d eb61
13:25:19.034498 IP s1.flirtzo.eu.9301 > 78.165.105.183.dynamic.ttnet.com.tr.60291: Flags [R.], seq 1981, ack 283, win 123, length 0
    0x0000:  4500 0028 c34f 4000 4006 7d6e 5fd3 e1e2
    0x0010:  4ea5 69b7 2455 eb83 d6fb 7975 e596 1f4d
    0x0020:  5014 007b 5015 0000

[EDIT2] 新的tcpdump:https://www.cloudshark.org/captures/255d70134527

stunnel的配置文件:

foreground = yes
key = /home/flirtzo/ssl.key
cert =  /home/flirtzo/ssl.cert
CAfile = /home/flirtzo/ssl.cert
debug = 7
output = /var/log/stunnel_websocket.log
[websocket]
accept = www.flirtzo.eu:9301
connect = 9300 

关心Arjan

1 个答案:

答案 0 :(得分:1)

基于最后一个pcap的答案,有关详细信息,请参阅问题讨论:

  

客户端只需在成功握手后关闭连接,而不发送任何数据。由于我在ClientHello中没有看到服务器名称扩展名,因此我假设您以IP而非主机名访问服务器,在这种情况下,客户端可能不接受证书(因为名称不匹配)。虽然我希望浏览器将这些内容记录到控制台。

所以看起来主机名验证是真正的问题,从wss:// ip更改为wss:// hostname解决了这个问题。