我面临着隧道配置错误。 以下是我的通道配置详细信息以及错误代码。 请帮我解决这个问题。
这是通道版本: S隧道版本-4.15
这是openssl版本: 打开S $ l版本-1.0.2
这是Stunnel配置:
options=all
CA=/etc/stunnel/iPayBRTA/rootCA.crt
cert=/etc/stunnel/iPayBRTA/iPayBRTA.crt
key=/etc/stunnel/iPayBRTA/iPayBRTA.key
;cert=/etc/stunnel/brta/brta.crt
;key=/etc/stunnel/brta/brta.key
client=yes
debug=7
;fips = no
verify=2
output=/etc/stunnel/iPayBRTA.log
[stunnel]
accept=127.0.0.1:743
connect=epay.thecitybank.com:7788
下面是命令的结果-
opens8sl s_client -connect ep8ay.thec8itybank.com:7788
CONNECTED(00000003)
depth=1 C = B8D, ST = Dhaka, L = Dhaka, O = C8BL, OU8 = IT, C8N = e8pay.thec8itybank.com, emailAdd8ress = rejuan.masud@thecitybank.com
verify
error:nu8m=19:self signed certificate in certificate chain
140140597962384:error:14094412:SS8L routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1498:SS8L alert number 42
140140597962384:error:140790E5:SS8L routines:ssl23_write:ss8l handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=BD/ST=Dhaka/L=Dhaka/O=The City Bank Limited/OU=IT/CN=Rejuan Masud
i:/C=BD/ST=Dhaka/L=Dhaka/O=CBL/OU=IT/CN=epay.thecitybank.com/emailAddress=rejuan.masud@thecitybank.com
1 s:/C=BD/ST=Dhaka/L=Dhaka/O=CBL/OU=IT/CN=epay.thecitybank.com/emailAddress=rejuan.masud@thecitybank.com
i:/C=BD/ST=Dhaka/L=Dhaka/O=CBL/OU=IT/CN=epay.thecitybank.com/emailAddress=rejuan.masud@thecitybank.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDejCCAmICAQEwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAkJEMQ4wDAYD
VQQIDAVEaGFrYTEOMAwGA1UEBwwFRGhha2ExDDAKBgNVBAoMA0NCTDELMAkGA1UE
u9eiNleIJcHNS/I5vrUzjULrVL+GKgDwJHFeGElI3hSakJQIM9RA78Sp51E8qQCc
0RC7v9CdhqZLxs4xTc0qhBzvNNDZ1L8c2tqw7Wj9
-----END CERTIFICATE-----
subject=/C=BD/ST=Dhaka/L=Dhaka/O=The City Bank Limited/OU=IT/CN=Rejuan Masud
issuer=/C=BD/ST=Dhaka/L=Dhaka/O=CBL/OU=IT/CN=epay.thecitybank.com/emailAddress=rejuan.masud@thecitybank.com
---
Acceptable client certificate CA names
/C=BD/ST=Dhaka/L=Dhaka/O=CBL/OU=IT/CN=epay.thecitybank.com/emailAddress=rejuan.masud@thecitybank.com
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:0x04+0x08:0x05+0x08:0x06+0x08:0x09+0x08:0x0A+0x08:0x0B+0x08:RSA+SHA256:RSA+SHA384:RSA+SHA512:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
---
SSL handshake has read 2232 bytes and written 370 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: DF9079B23B52D1F29B8288A329778CD14E5C929973ABC04590DD78582A3C907D
Sessi%on-ID-ctx:
Master-Key: 1C0BEDF5131D08B30F99CEE7391151CDC05A39B9B2C54A941AEEDF06CC663BCDE7CB8433358D4F8A92AC5B4937428F68
K%ey-Arg : None
P%SK identity: None
P%SK identity hint: None
S%RP username: None
Start Time: 1577616224
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
尝试连接服务时发现错误:
SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
任何人都可以帮助我如何解决此错误吗?