我们在客户端TLS面临着一个问题。正如您在下面看到的那样,握手已正确完成,但随后SG客户端不再发送数据,因此连接已关闭。
要测试我正在使用此链接https://caplonsgprd-x.integration.ibmcloud.com:xxxx/PATH/来启动到达为TLS配置的客户端的请求,然后我在日志中看到以下内容:
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:done'
[Wed Sep 30 14:22:13 2015] [debug] MonitoringCounter.c(375): monitor: MonitoringCounter_updateCounter (null) TLS_HandshakeSucceed 1
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:exit'
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3] -> Here we expected the client to send the applicative data which is the HTTPS request with the PATH.
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.
答案 0 :(得分:1)
我在Bluemix US中完成了为mongodb创建TCP目标的流程,其中客户端TLS启用了自签名证书。
如果上传证书,看起来客户端需要重新启动以获取证书并使用它。重新启动客户端后,应该识别证书并且我能够连接到启用SSL的mongodb。
编辑: Secure Gateway目前不支持上载多个客户端TLS CA文件,因此如果链包含多个CA证书,则客户端将无法连接。