我在通过https连接到第三方网站时遇到一些问题,其中连接在CLIENT HELLO上失败,我很难过为什么会发生这种情况。
具有讽刺意味的是,将笔记本电脑切换到备份互联网连接,我能够很好地连接到网站,但它在主要的互联网连接上失败了。这让我相信它不是笔记本电脑。 (遗憾的是,永久切换到备份连接不是一个可行的解决方案)。
使用tcpdump我可以看到数据包来回传输,客户端重新传输hello几次,但永远不会过去。使用OpenSSL进行故障排除,我得到下面的输出。我试过添加-ssl3和-tls1无济于事。有谁知道为什么会发生这种情况以及我如何解决它?
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x600070920 [0x600070d20] (316 bytes => 316 (0x13C))
0000 - 16 03 01 01 37 01 00 01-33 03 03 07 2f eb a9 10 ....7...3.../...
0010 - e7 e3 03 29 62 46 5b 03-6b cf 3f ab 0a 83 6b fe ...)bF[.k.?...k.
0020 - b1 a6 fa 4c 5f 1a eb 9e-d4 5e 14 00 00 b4 c0 30 ...L_....^.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1 .,.(.$..........
0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37 ...k.j.i.h.9.8.7
0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a .6.........2...*
0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0 .+.'.#..........
0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31 ...g.@.?.>.3.2.1
0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43 .0.........E.D.C
00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c .B.1.-.).%......
00b0 - 00 3c 00 2f 00 96 00 41-c0 11 c0 07 c0 0c c0 02 .<./...A........
00c0 - 00 05 00 04 c0 12 c0 08-00 16 00 13 00 10 00 0d ................
00d0 - c0 0d c0 03 00 0a 00 15-00 12 00 0f 00 0c 00 09 ................
00e0 - 00 ff 02 01 00 00 55 00-0b 00 04 03 00 01 02 00 ......U.........
00f0 - 0a 00 1c 00 1a 00 17 00-19 00 1c 00 1b 00 18 00 ................
0100 - 1a 00 16 00 0e 00 0d 00-0b 00 0c 00 09 00 0a 00 ................
0110 - 23 00 00 00 0d 00 20 00-1e 06 01 06 02 06 03 05 #..... .........
0120 - 01 05 02 05 03 04 01 04-02 04 03 03 01 03 02 03 ................
0130 - 03 02 01 02 02 02 03 00-0f 00 01 01 ............
>>> TLS 1.2 [length 0005]
16 03 01 01 37
>>> TLS 1.2 Handshake [length 0137], ClientHello
01 00 01 33 03 03 07 2f eb a9 10 e7 e3 03 29 62
46 5b 03 6b cf 3f ab 0a 83 6b fe b1 a6 fa 4c 5f
1a eb 9e d4 5e 14 00 00 b4 c0 30 c0 2c c0 28 c0
24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00
6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00
87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0
05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0
23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00
40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00
99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0
2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00
96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0
12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00
0a 00 15 00 12 00 0f 00 0c 00 09 00 ff 02 01 00
00 55 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a
00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e
00 0d 00 0b 00 0c 00 09 00 0a 00 23 00 00 00 0d
00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03
04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02
02 03 00 0f 00 01 01
SSL_connect:SSLv2/v3 write client hello A
read from 0x600070920 [0x600076280] (7 bytes => 0 (0x0))
2283136:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 316 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
答案 0 :(得分:0)
尝试使用SSLProtocol All +SSLv2 +SSLv3
或SSLProtocol All
答案 1 :(得分:0)
SSL握手已读取0个字节并写入316个字节
这表示服务器或其间的某个中间件(防火墙或类似设备)会立即关闭连接。
我不知道您的互联网连接之间的区别是什么,但我怀疑其中任何一个: