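【Posted】: 2014-09-11 09:19:39
【Problem description】:
We are trying to establish an SSL connection from one server to another in order to perform some HTTP requests over a secure connection.
The server listening for the connection is configured to listen on port 5050 and is provided with a root certificate to check the client certificate for verification.
The client wants to connect to this server using the following command: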
openssl s_client -msg -ssl3 -cert /path/to/cert/clientname.crt -certform PEM -key /path/to/key/clientname.pem -connect server:5050
The response to this connection is as follows:
CONNECTED(00000003)
>>> SSL 3.0 Handshake [length 0086], ClientHello
01 00 00 82 03 00 54 11 68 42 03 ef 07 59 ff cc
31 03 99 2c 70 7c 56 fb 08 e3 fc 6a 88 ef 1c 69
84 fc 26 fc 80 f7 00 00 5a c0 14 c0 0a 00 39 00
38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0
08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00
33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00
2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00
04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
03 00 ff 02 01 00
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
02 28
140628594931368:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
140628594931368:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1410426946
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
In the SSL server's log, I get the following entries:
INFO connection accepted from clientname:45344
2014-09-11 11:15:46 ERROR SSL error, SSL_ERROR_SSL: retval -1, no shared cipher
We would greatly appreciate any help.
Cheers.
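Added example (not part of the original question or the poster's code): the server log reports "no shared cipher", so this sketch decodes the ClientHello bytes from the `-msg` output above to list the cipher suite IDs the client offered and intersects them with a server's enabled set. The two server sets are hypothetical, since the post does not show the server's configuration.

```python
# Added example, not from the original post: decode the ClientHello dump above.
CLIENT_HELLO_HEX = """
01 00 00 82 03 00 54 11 68 42 03 ef 07 59 ff cc
31 03 99 2c 70 7c 56 fb 08 e3 fc 6a 88 ef 1c 69
84 fc 26 fc 80 f7 00 00 5a c0 14 c0 0a 00 39 00
38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0
08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00
33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00
2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00
04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
03 00 ff 02 01 00
"""  # bytes copied from the `openssl s_client -msg` output in the question

SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV: a signal, not a real cipher


def parse_client_hello(hex_dump):
    """Return ((major, minor), [cipher suite ids]) from a ClientHello hex dump."""
    data = bytes.fromhex("".join(hex_dump.split()))
    if len(data) < 41 or data[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    if int.from_bytes(data[1:4], "big") != len(data) - 4:
        raise ValueError("length field does not match the dump")
    pos = 4 + 2 + 32                 # header, client_version, random
    pos += 1 + data[pos]             # session_id length byte plus session_id
    n = int.from_bytes(data[pos:pos + 2], "big")
    pos += 2
    if n % 2 or pos + n > len(data):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(data[i:i + 2], "big") for i in range(pos, pos + n, 2)]
    return (data[4], data[5]), suites


def shared_suites(offered, server_enabled):
    """Suites both sides support, in the client's preference order."""
    return [s for s in offered if s in server_enabled and s != SCSV]


# Hypothetical server configurations (assumptions; the post does not show the real one).
GCM_ONLY_SERVER = {0x009C, 0x009D, 0xC02F}   # AES-GCM suites, TLS 1.2 only
CBC_SERVER = {0x002F, 0x0035}                # TLS_RSA_WITH_AES_{128,256}_CBC_SHA

if __name__ == "__main__":
    version, offered = parse_client_hello(CLIENT_HELLO_HEX)
    print("client_version:", version, "suites offered:", len(offered))
    for name, enabled in (("GCM-only", GCM_ONLY_SERVER), ("CBC", CBC_SERVER)):
        common = shared_suites(offered, enabled)
        print(name, "->", [f"0x{s:04X}" for s in common] or "no shared cipher")
```

Comparing the decoded list against the suites actually enabled on the listening server shows whether the handshake can succeed at all with `-ssl3`.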
【Question discussion】:
-
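Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. Also see Where do I post questions about Dev Ops?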