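Unable to establish SSL connection from localhost

I have a WSO2 Identity Server running on Tomcat, on Ubuntu, on port 9443 with a self-signed certificate. I can access it from other computers (I just get a warning about the self-signed certificate). But when I try to access it from the server itself, I get "Unable to establish SSL connection" from wget, "error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:" from openssl, and "Empty reply from server" from curl.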
Here is the output of openssl s_client -debug -msg -state -connect localhost:9443:
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x74f540 [0x74f5c0] (225 bytes => 225 (0xE1))
>>> TLS 1.1 [length 00dc]
SSL_connect:unknown state
read from 0x74f540 [0x754b20] (7 bytes => 0 (0x0))
140199307044512:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Here is the connector configuration in server.xml:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="9443"
    bindOnInit="false"
    sslProtocol="TLS"
    maxHttpHeaderSize="8192"
    acceptorThreadCount="2"
    maxThreads="250"
    minSpareThreads="50"
    disableUploadTimeout="false"
    enableLookups="false"
    connectionUploadTimeout="120000"
    maxKeepAliveRequests="200"
    acceptCount="200"
    server="WSO2 Carbon Server"
    clientAuth="false"
    compression="on"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    compressionMinSize="2048"
    noCompressionUserAgents="gozilla, traviata"
    compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
    URIEncoding="UTF-8"/>
Why is there no certificate locally when everything works fine remotely?
I don't know if it's related, but have you tried this? http://shickys.blogspot.co.uk/2012/11/addressing-openjdk-bug-with-ssl-on.html – Bruno
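Thanks, I have already seen that, but I think my problem is different, because in that bug report https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776 the server actually answers with 7 bytes, but in my case it closes the connection immediately. – JanHudecek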