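I am facing a problem: when I try to connect to one of the servers (192.168.) through another server, i.e. s2s communication, it results in a transport layer error. Please find the ssldump below.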
ssldump -a -A -H -i eth0 host 192.168.11.44
New TCP connection #1: 192.168.11.44(50136) <-> localhost(9065)
1 1 0.0286 (0.0286) C>S V3.1(268) Handshake
ClientHello
Version 3.3
random[32]=
95 fa e3 5b f0 17 d0 79 65 37 49 e7 c7 bc 3d 94
60 bd d0 f5 c8 69 0a 3a d4 42 76 59 81 3d a4 88
cipher suites
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
1 2 0.0734 (0.0448) S>C V3.3(2003) Handshake
ServerHello
Version 3.3
random[32]=
57 d9 18 f8 2a c4 f6 34 68 5b 7e 90 66 25 86 2f
b4 ab 09 fa 2b 08 f2 c9 77 d0 c0 26 df 2f a7 34
session_id[32]=
57 d9 18 f8 08 24 50 3f 8d 8a ef f6 12 a2 75 34
0c ec b5 c1 4c 94 13 0f d6 ef 37 18 3d ac 25 5a
cipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
compressionMethod NULL
Certificate
ServerKeyExchange
params
DH_p[128]=
ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34
c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74
02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd
ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37
4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6
f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed
ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6
49 28 66 51 ec e6 53 81 ff ff ff ff ff ff ff ff
DH_g[1]=
02
DH_Ys[128]=
6b 28 60 bc d0 53 e0 e7 fa da 32 15 f1 0f 1c a4
35 c2 7e c9 9d aa 00 63 e6 a8 6b 34 22 31 16 b2
01 0b dc 80 b8 d4 d9 bf d8 d1 fb 90 0f 60 be b9
46 4e ed 07 e0 77 30 cb 12 f6 4a 9d db 76 fd f4
ac 58 53 a3 c7 40 0b dd 76 b3 60 b6 df 3c 19 78
4f d6 b5 41 2d 70 42 40 cd df d5 28 48 88 38 a2
b6 18 fb 93 79 b0 3d 4f 00 de 3e d0 58 ef 6c 86
b6 3a 5a 30 a9 12 fc c3 2e 11 df 04 6a a2 f3 af
Not enough data. Found 258 bytes (expecting 32767)
ServerHelloDone
1 3 0.1134 (0.0400) C>S V3.3(134) Handshake
ClientKeyExchange
DiffieHellmanClientPublicValue[128]=
80 80 f4 b4 89 d4 a1 de 89 97 12 18 90 3f 4c 94
33 86 65 e5 e1 de ed 96 77 57 82 f6 49 5d a7 f6
65 f9 6b 39 94 94 20 5c 0d a7 58 d8 b3 ff 06 ef
2b 31 43 c0 ee 72 3b e9 9c 6f 85 13 8d 40 5f c7
96 b6 f0 9f 6e 2d 69 30 e8 d5 39 80 f0 d4 53 12
64 4f 07 d6 f6 7a 5c e4 25 22 eb 93 61 c7 85 f9
a5 85 6f 97 03 80 ad 9a 37 9e c2 f6 7a f6 fb 9d
9b 78 eb 28 64 7f 3d 89 7b a9 93 03 02 3f cf 56
1 4 0.1134 (0.0000) C>S V3.3(1) ChangeCipherSpec
1 5 0.1134 (0.0000) C>S V3.3(40) Handshake
1 0.1310 (0.0175) S>C TCP FIN
1 0.1575 (0.0265) C>S TCP FIN
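This results in an error: the server does not share its cipher spec and instead closes the connection.
When the connection is established from a browser through an SSH tunnel, it succeeds. Please find the SSL dump from the browser below.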
New TCP connection #2: 192.168.11.*(50152) <-> localhost(9065)
2 1 0.1802 (0.1802) C>S V3.1(224) Handshake
ClientHello
Version 3.3
random[32]=
62 f3 01 7e 00 15 18 3d 06 6a 99 15 91 55 9f 6c
11 ce 17 93 ca 06 9c fd b2 4e bb 6b 07 88 4b 5f
resume [32]=
57 d9 1b ef 9b b7 f9 77 74 8b f8 25 63 da 3a df
a7 d9 39 91 fc 38 c1 a5 93 47 7f f5 20 ae 14 68
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Unknown value 0xcca9
Unknown value 0xcca8
Unknown value 0xcc14
Unknown value 0xcc13
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
2 2 0.1812 (0.0010) S>C V3.3(81) Handshake
ServerHello
Version 3.3
random[32]=
57 d9 1e c3 89 df 51 9e fb 83 50 c8 be d2 8c 8f
64 e0 80 6d b8 3d 7e ec d1 70 d5 48 c7 11 16 56
session_id[32]=
57 d9 1b ef 9b b7 f9 77 74 8b f8 25 63 da 3a df
a7 d9 39 91 fc 38 c1 a5 93 47 7f f5 20 ae 14 68
cipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256
compressionMethod NULL
2 3 0.1813 (0.0000) S>C V3.3(1) ChangeCipherSpec
2 4 0.1814 (0.0001) S>C V3.3(40) Handshake
2 5 0.5386 (0.3571) C>S V3.3(1) ChangeCipherSpec
2 6 0.5386 (0.0000) C>S V3.3(40) Handshake
2 7 0.6705 (0.1319) C>S V3.3(477) application_data
2 8 0.6722 (0.0017) S>C V3.3(199) application_data
2 9 0.6724 (0.0001) S>C V3.3(29) application_data
2 10 0.6725 (0.0001) S>C V3.3(323) application_data
2 11 0.6726 (0.0001) S>C V3.3(26) application_data
2 12 0.6729 (0.0003) S>C V3.3(29) application_data
2 0.6735 (0.0006) S>C TCP FIN
2 1.0284 (0.3548) C>S TCP FIN
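It shows that the server did not close the connection. Could you help me with this? Also, the deployed server certificate is not correct, but I am ignoring that by using the curl -k option.
A simple curl to that server: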
* Rebuilt URL to: https://192.168.116.141:9065/
* Hostname was NOT found in DNS cache
* Trying 192.168.116.141...
* Connected to 192.168.116.141 (192.168.116.141) port 9065 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to 192.168.116.141:9065
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.116.141:9065
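
As an added example (not part of the original post), the Python script below reads the record summary lines of an ssldump trace and reports, for each connection, which sides sent ChangeCipherSpec and which side sent the first TCP FIN. The function names are assumptions made for illustration; the sample consists of summary lines taken from the two traces above, with most application_data records trimmed.

```python
import re

# Record summary lines taken from the two traces above (trimmed for brevity)
SAMPLE = """\
1 1 0.0286 (0.0286) C>S V3.1(268) Handshake
1 2 0.0734 (0.0448) S>C V3.3(2003) Handshake
1 3 0.1134 (0.0400) C>S V3.3(134) Handshake
1 4 0.1134 (0.0000) C>S V3.3(1) ChangeCipherSpec
1 5 0.1134 (0.0000) C>S V3.3(40) Handshake
1 0.1310 (0.0175) S>C TCP FIN
1 0.1575 (0.0265) C>S TCP FIN
2 1 0.1802 (0.1802) C>S V3.1(224) Handshake
2 2 0.1812 (0.0010) S>C V3.3(81) Handshake
2 3 0.1813 (0.0000) S>C V3.3(1) ChangeCipherSpec
2 4 0.1814 (0.0001) S>C V3.3(40) Handshake
2 5 0.5386 (0.3571) C>S V3.3(1) ChangeCipherSpec
2 6 0.5386 (0.0000) C>S V3.3(40) Handshake
2 7 0.6705 (0.1319) C>S V3.3(477) application_data
2 0.6735 (0.0006) S>C TCP FIN
"""

# "<conn> <seq> <time> (<delta>) C>S V3.3(<len>) <record type>"
RECORD = re.compile(r"^(\d+) \d+ [\d.]+ \([\d.]+\) ([CS])>[CS] V\d\.\d\(\d+\) (\S+)")
# "<conn> <time> (<delta>) S>C TCP FIN"
FIN = re.compile(r"^(\d+) [\d.]+ \([\d.]+\) ([CS])>[CS] TCP FIN")

def summarize(dump):
    """Return {conn_id: state} built from ssldump record and FIN lines."""
    conns = {}
    for line in dump.splitlines():
        m = RECORD.match(line.strip())
        if m:
            c = conns.setdefault(m.group(1),
                                 {"ccs": set(), "app_data": False, "first_fin": None})
            if m.group(3) == "ChangeCipherSpec":
                c["ccs"].add(m.group(2))      # side that switched to the new keys
            elif m.group(3) == "application_data":
                c["app_data"] = True
            continue
        m = FIN.match(line.strip())
        if m and m.group(1) in conns and conns[m.group(1)]["first_fin"] is None:
            conns[m.group(1)]["first_fin"] = m.group(2)  # side that closed first
    return conns

def verdict(c):
    """Classify one connection by how far the handshake got."""
    if c["ccs"] == {"C", "S"}:
        return "handshake completed"
    if c["ccs"] == {"C"} and c["first_fin"] == "S":
        return "server closed after client Finished, before its own ChangeCipherSpec"
    return "handshake incomplete"
```
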