我想弄清楚为什么outlook.office365.com:993在TLS握手的客户端Hello之后向我的客户端发送RST。我还验证了该框具有所需的DigiCert Global Root CA作为捆绑包的一部分。这是我连接的测试语句
openssl s_client -debug -msg -connect outlook.office365.com:993
CONNECTED(00000003)
write to 0x1b85ef0 [0x1b85f70] (247 bytes => 247 (0xF7))
0000 - 16 03 01 00 f2 01 00 00-ee 03 03 5b 0f 23 30 2d ...........[.#0-
0010 - 6a c0 8d ba a3 46 f8 76-0d e7 ff 5e 63 19 00 bc j....F.v...^c...
0020 - 86 64 40 3e ed 29 fe 5c-28 bc d7 00 00 84 c0 30 .d@>.).\(......0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67 .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31 .@.3.2.....E.D.1
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03 ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 ................
00b0 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a .....A..........
00c0 - 00 08 00 06 00 19 00 18-00 17 00 23 00 00 00 0d ...........#....
00d0 - 00 20 00 1e 06 01 06 02-06 03 05 01 05 02 05 03 . ..............
00e0 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02 ................
00f0 - 02 03 00 0f 00 01 01 .......
>>> TLS 1.2 Handshake [length 00f2], ClientHello
01 00 00 ee 03 03 5b 0f 23 30 2d 6a c0 8d ba a3
46 f8 76 0d e7 ff 5e 63 19 00 bc 86 64 40 3e ed
29 fe 5c 28 bc d7 00 00 84 c0 30 c0 2c c0 28 c0
24 c0 14 c0 0a 00 a3 00 9f 00 6b 00 6a 00 39 00
38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0
05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0
23 c0 13 c0 09 00 a2 00 9e 00 67 00 40 00 33 00
32 00 9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0
25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0
12 c0 08 00 16 00 13 c0 0d c0 03 00 0a 00 07 c0
11 c0 07 c0 0c c0 02 00 05 00 04 00 ff 01 00 00
41 00 0b 00 04 03 00 01 02 00 0a 00 08 00 06 00
19 00 18 00 17 00 23 00 00 00 0d 00 20 00 1e 06
01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04
03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00
01 01
read from 0x1b85ef0 [0x1b8b4d0] (7 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
的数据包捕获
我将其与另一台有效的服务器进行了比较,而Client Hello与32位UNIX Time和随机28字节的例外情况相同。
有人可以帮助我理解为什么这个被同行重置,或者至少我需要考虑哪些变量?
提前致谢。
---澄清信息---
另一台服务器(服务器B)是不同数据中心的不同主机,它具有相同的openssl版本OpenSSL 1.0.1e-fips 2013年2月11日。我在服务器B和服务器B上运行相同的命令并将其拉下证书链。我也从服务器A运行相同的命令到smtp.gmail.com:993,它从中获取了一个证书。