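SSL handshake fails with unknown protocol error

Time: 2016-09-14 10:28:32

Tags: ssl curl nginx configuration

I am facing an issue when I try to connect to one of the servers, i.e. 192.168., through another server, i.e. s2s communication, which results in an error at the transport layer. Please find the ssldump below.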

ssldump -a -A -H -i eth0 host 192.168.11.44
New TCP connection #1: 192.168.11.44(50136) <-> localhost(9065)
 1 1  0.0286 (0.0286)  C>S V3.1(268)  Handshake
  ClientHello
    Version 3.3 
    random[32]=
      95 fa e3 5b f0 17 d0 79 65 37 49 e7 c7 bc 3d 94 
      60 bd d0 f5 c8 69 0a 3a d4 42 76 59 81 3d a4 88 
    cipher suites
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_SEED_CBC_SHA
    TLS_DHE_DSS_WITH_SEED_CBC_SHA
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_SEED_CBC_SHA
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    compression methods
              NULL
 1 2  0.0734 (0.0448)  S>C V3.3(2003)  Handshake
  ServerHello
    Version 3.3 
    random[32]=
      57 d9 18 f8 2a c4 f6 34 68 5b 7e 90 66 25 86 2f 
      b4 ab 09 fa 2b 08 f2 c9 77 d0 c0 26 df 2f a7 34 
    session_id[32]=
      57 d9 18 f8 08 24 50 3f 8d 8a ef f6 12 a2 75 34 
      0c ec b5 c1 4c 94 13 0f d6 ef 37 18 3d ac 25 5a 
    cipherSuite         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    compressionMethod                   NULL
  Certificate
  ServerKeyExchange
    params
      DH_p[128]=
        ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 
        c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 
        02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd 
        ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 
        4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 
        f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed 
        ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 
        49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff 
      DH_g[1]=
        02 
      DH_Ys[128]=
        6b 28 60 bc d0 53 e0 e7 fa da 32 15 f1 0f 1c a4 
        35 c2 7e c9 9d aa 00 63 e6 a8 6b 34 22 31 16 b2 
        01 0b dc 80 b8 d4 d9 bf d8 d1 fb 90 0f 60 be b9 
        46 4e ed 07 e0 77 30 cb 12 f6 4a 9d db 76 fd f4 
        ac 58 53 a3 c7 40 0b dd 76 b3 60 b6 df 3c 19 78 
        4f d6 b5 41 2d 70 42 40 cd df d5 28 48 88 38 a2 
        b6 18 fb 93 79 b0 3d 4f 00 de 3e d0 58 ef 6c 86 
        b6 3a 5a 30 a9 12 fc c3 2e 11 df 04 6a a2 f3 af 
 Not enough data. Found 258 bytes (expecting 32767)
  ServerHelloDone
 1 3  0.1134 (0.0400)  C>S V3.3(134)  Handshake
  ClientKeyExchange
    DiffieHellmanClientPublicValue[128]=
      80 80 f4 b4 89 d4 a1 de 89 97 12 18 90 3f 4c 94 
      33 86 65 e5 e1 de ed 96 77 57 82 f6 49 5d a7 f6 
      65 f9 6b 39 94 94 20 5c 0d a7 58 d8 b3 ff 06 ef 
      2b 31 43 c0 ee 72 3b e9 9c 6f 85 13 8d 40 5f c7 
      96 b6 f0 9f 6e 2d 69 30 e8 d5 39 80 f0 d4 53 12 
      64 4f 07 d6 f6 7a 5c e4 25 22 eb 93 61 c7 85 f9 
      a5 85 6f 97 03 80 ad 9a 37 9e c2 f6 7a f6 fb 9d 
      9b 78 eb 28 64 7f 3d 89 7b a9 93 03 02 3f cf 56 
 1 4  0.1134 (0.0000)  C>S V3.3(1)  ChangeCipherSpec
 1 5  0.1134 (0.0000)  C>S V3.3(40)  Handshake
 1    0.1310 (0.0175)  S>C  TCP FIN
 1    0.1575 (0.0265)  C>S  TCP FIN

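This fails: the server does not share its cipher spec and instead closes the connection.

When the connection is made from a browser through an SSH tunnel, it succeeds. Please find the SSL dump from the browser below.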

New TCP connection #2: 192.168.11.*(50152) <-> localhost(9065)
2 1  0.1802 (0.1802)  C>S V3.1(224)  Handshake
ClientHello
    Version 3.3 
    random[32]=
      62 f3 01 7e 00 15 18 3d 06 6a 99 15 91 55 9f 6c 
      11 ce 17 93 ca 06 9c fd b2 4e bb 6b 07 88 4b 5f 
    resume [32]=
      57 d9 1b ef 9b b7 f9 77 74 8b f8 25 63 da 3a df 
      a7 d9 39 91 fc 38 c1 a5 93 47 7f f5 20 ae 14 68 
    cipher suites
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    Unknown value 0xcca9
    Unknown value 0xcca8
    Unknown value 0xcc14
    Unknown value 0xcc13
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    compression methods
              NULL
2 2  0.1812 (0.0010)  S>C V3.3(81)  Handshake
  ServerHello
    Version 3.3 
    random[32]=
      57 d9 1e c3 89 df 51 9e fb 83 50 c8 be d2 8c 8f 
      64 e0 80 6d b8 3d 7e ec d1 70 d5 48 c7 11 16 56 
    session_id[32]=
      57 d9 1b ef 9b b7 f9 77 74 8b f8 25 63 da 3a df 
      a7 d9 39 91 fc 38 c1 a5 93 47 7f f5 20 ae 14 68 
    cipherSuite         TLS_RSA_WITH_AES_128_GCM_SHA256
    compressionMethod                   NULL
2 3  0.1813 (0.0000)  S>C V3.3(1)  ChangeCipherSpec
2 4  0.1814 (0.0001)  S>C V3.3(40)  Handshake
2 5  0.5386 (0.3571)  C>S V3.3(1)  ChangeCipherSpec
2 6  0.5386 (0.0000)  C>S V3.3(40)  Handshake
2 7  0.6705 (0.1319)  C>S V3.3(477)  application_data
2 8  0.6722 (0.0017)  S>C V3.3(199)  application_data
2 9  0.6724 (0.0001)  S>C V3.3(29)  application_data
2 10 0.6725 (0.0001)  S>C V3.3(323)  application_data
2 11 0.6726 (0.0001)  S>C V3.3(26)  application_data
2 12 0.6729 (0.0003)  S>C V3.3(29)  application_data
2    0.6735 (0.0006)  S>C  TCP FIN
2    1.0284 (0.3548)  C>S  TCP FIN

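It shows that the server does not close the connection. Could you please help me with this? Also, the server certificate deployed is not correct, but I am ignoring that by using the -k curl option.

A simple curl to that server: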

* Rebuilt URL to: https://192.168.116.141:9065/
* Hostname was NOT found in DNS cache
*   Trying 192.168.116.141...
* Connected to 192.168.116.141 (192.168.116.141) port 9065 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to 192.168.116.141:9065
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.116.141:9065
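
A small parser for comparing the two ssldump traces in the question, added here as an example and not part of the original post: per connection it reports the suite the server chose, the DH prime size, whether the ClientHello offered a session to resume, whether the server sent ChangeCipherSpec, and which side sent the first FIN. `summarize`, `RECORD`, `FIN` and `SAMPLE` are names chosen for this example, and the sample input is abridged from the traces above.

```python
import re

# Abridged from the two ssldump traces in the question: hex bodies, message
# names and offered suites are omitted; the record lines are unchanged.
SAMPLE = """\
1 1  0.0286 (0.0286)  C>S V3.1(268)  Handshake
1 2  0.0734 (0.0448)  S>C V3.3(2003)  Handshake
    cipherSuite         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      DH_p[128]=
1 3  0.1134 (0.0400)  C>S V3.3(134)  Handshake
1 4  0.1134 (0.0000)  C>S V3.3(1)  ChangeCipherSpec
1 5  0.1134 (0.0000)  C>S V3.3(40)  Handshake
1    0.1310 (0.0175)  S>C  TCP FIN
2 1  0.1802 (0.1802)  C>S V3.1(224)  Handshake
    resume [32]=
2 2  0.1812 (0.0010)  S>C V3.3(81)  Handshake
    cipherSuite         TLS_RSA_WITH_AES_128_GCM_SHA256
2 3  0.1813 (0.0000)  S>C V3.3(1)  ChangeCipherSpec
2 7  0.6705 (0.1319)  C>S V3.3(477)  application_data
2    0.6735 (0.0006)  S>C  TCP FIN
"""

RECORD = re.compile(r"^\s*(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+V[\d.]+\(\d+\)\s+(\S+)")
FIN = re.compile(r"^\s*(\d+)\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+TCP FIN")

def summarize(dump):
    """Return {connection id: handshake facts} parsed from ssldump text output."""
    conns, cur = {}, None
    for line in dump.splitlines():
        s = line.strip()
        if (m := RECORD.match(line)):          # numbered TLS record line
            cur = conns.setdefault(m[1], {"suite": None, "dh_bits": None, "resumed": False,
                                          "server_ccs": False, "app_data": False, "first_fin": None})
            cur["server_ccs"] |= (m[2], m[3]) == ("S>C", "ChangeCipherSpec")
            cur["app_data"] |= m[3] == "application_data"
        elif (m := FIN.match(line)):           # TCP FIN line has no record number
            if m[1] in conns and conns[m[1]]["first_fin"] is None:
                conns[m[1]]["first_fin"] = m[2]
        elif cur is not None and s.startswith("cipherSuite"):
            cur["suite"] = s.split()[-1]       # suite chosen in ServerHello
        elif cur is not None and s.startswith("resume"):
            cur["resumed"] = True              # ClientHello carried a session id
        elif cur is not None and (m := re.match(r"DH_p\[(\d+)\]", s)):
            cur["dh_bits"] = int(m[1]) * 8     # prime length in bytes -> bits
    return conns

if __name__ == "__main__":
    for cid, info in summarize(SAMPLE).items():
        print(cid, info)
```

On the traces above, connection 1 is a full handshake with a DHE suite and a 1024-bit prime in which the server never sends ChangeCipherSpec before its FIN, while connection 2 resumes an earlier session with an RSA key-exchange suite and reaches application data.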

0 answers:

No answers