尝试执行发布/获取请求时,客户端应用中的客户端发生握手错误(操作系统错误:TLSV1_ALERT_PROTOCOL_VERSION(tls_record.cc:586)

时间:2019-08-02 07:35:51

标签: node.js http flutter https nginx-reverse-proxy

我有Node.js rest API,我在flutter应用程序中使用了这些API来相应地执行请求,但是当我尝试执行同样的操作时,却遇到了一个异常:

Exception has occurred.
HandshakeException (HandshakeException: Handshake error in client (OS Error: TLSV1_ALERT_PROTOCOL_VERSION(tls_record.cc:586)))

我正在与http客户端进行请求,例如:

import 'package:http/http.dart' as http;
const _baseUrl = https://domain.in/api/

http.Response response = await http.post(
      _baseUrl + 'user/login',
      body: json.encode(_authData),
      headers: {'Content-Type': 'application/json'},
    ).catchError((onError){
      print(onError);
    });

它可以使用http,但是不能使用https。

2 个答案:

答案 0 :(得分:0)

我遇到了同样的问题。问题出在服务器端的SSL证书上。 我将请求从https更改为http。

答案 1 :(得分:0)

由于您的nginx ssl配置,这是服务器端错误。

ssl_protocols文件中的

/etc/nginx/nginx.conf行应如下所示:

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

如果您在同一路径下的ssl/etc/nginx/sites-enabled/default文件中的yourdomain设置中使用了额外的文件,例如名为ssl-params.conf的文件,请添加ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;在该文件中也行。

这是我的/etc/nginx/sites-enabled/default文件的一部分:

server {
    #Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.net www.domain.net;

    # Use the Let's Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem;

    #Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf; // <- !pay attention this line

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

这是我的/etc/nginx/snippets/ssl-params.conf文件:

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; 
ssl_dhparam /etc/ssl/certs/dhparam.pem; 
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s; 
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

这是我的ssl_protocols中的/etc/nginx/nginx.conf

ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

此设置解决了我的问题。 我希望也能帮助其他人。