Bluemix Secure Gateway client TLS failure

Time: 2015-09-30 17:56:16

Tags: ssl ibm-cloud secure-gateway

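We are facing a problem with client-side TLS. As you can see below, the handshake completes correctly, but then the SG client does not send any more data, so the connection is closed.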

To test, I am using this link, https://caplonsgprd-x.integration.ibmcloud.com:xxxx/PATH/, to initiate a request that reaches the client configured for TLS, and then I see the following in the log:

[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:done'
[Wed Sep 30 14:22:13 2015] [debug] MonitoringCounter.c(375): monitor: MonitoringCounter_updateCounter (null) TLS_HandshakeSucceed 1
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:exit'

[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3]  -> Here we expected the client to send the applicative data which is the HTTPS request with the PATH.
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.

1 answer:

Answer 0 (score: 1)

I went through the process of creating a TCP destination for mongodb in Bluemix US, with client TLS enabled using a self-signed certificate.

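If you upload a certificate, it looks like the client needs to be restarted in order to pick up the certificate and use it. After restarting the client, the certificate should be recognized, and I was able to connect to the SSL-enabled mongodb.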

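Edit: Secure Gateway does not currently support uploading multiple client TLS CA files, so if the chain contains multiple CA certificates, the client will not be able to connect.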
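The log pattern in the question (handshake done, then end-of-file on the first read) can be picked out of a larger log automatically. The following is an added example, not part of the original question or answer. The function name `find_silent_clients` and the last two sample lines are assumptions made for illustration, and the first four sample lines are copied from the question.

```python
import re

# First four lines are from the question's log. The last two are constructed:
# a client that handshakes with no EOF, and an EOF with no recorded handshake.
SAMPLE_LOG = """\
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3]
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.
[Wed Sep 30 14:22:14 2015] [info] Connection: Client IP: 192.0.2.10, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:15 2015] [info] [client 192.0.2.99] (70014)End of file found: SSL input filter read failed.
"""

LINE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] (.*)$")
CONN = re.compile(r"Connection: Client IP: (\S+), Protocol: (\S+), Cipher: (\S+)")
IOERR = re.compile(r"OpenSSL: I/O error, (\d+) bytes expected to read")
EOF = re.compile(r"\[client (\S+)\] \(70014\)End of file found: SSL input filter read failed")

def find_silent_clients(log_text):
    """Return one finding per client that finished the TLS handshake and then
    hit end-of-file before the server could read any further data."""
    pending = {}       # client IP -> (timestamp, protocol, cipher) of a finished handshake
    last_ioerr = None  # byte count from the most recent I/O error line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _level, msg = m.groups()
        if (c := CONN.search(msg)):
            pending[c.group(1)] = (ts, c.group(2), c.group(3))
            last_ioerr = None
        elif (e := IOERR.search(msg)):
            # 5 bytes is the length of a TLS record header: the server was
            # waiting for the first record after the handshake.
            last_ioerr = int(e.group(1))
        elif (f := EOF.search(msg)):
            hs = pending.pop(f.group(1), None)
            if hs:  # only report an EOF that follows a completed handshake
                findings.append({"client": f.group(1), "handshake_at": hs[0],
                                 "protocol": hs[1], "cipher": hs[2],
                                 "eof_at": ts, "bytes_expected": last_ioerr})
            last_ioerr = None
    return findings
```
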