2017-05-04 53 views
0

Stunnel SSL23_GET_SERVER_HELLO error

I am trying to set up stunnel so that I can access my IIS static website (http://localhost).

I want to access it through "https://localhost:443".

Here is my conf file:

[https] 
client= yes 
accept = 443 
connect = 80 
debug = 7 
sslVersion = all 
cert = D:\stunnel\config\cert.pfx 

I'm looking for a basic configuration. Here is the error I get:

2017.05.04 12:41:01 LOG5[main]: UTF-8 byte order mark detected 
2017.05.04 12:41:01 LOG5[main]: FIPS mode disabled 
2017.05.04 12:41:01 LOG4[main]: Service [https] needs authentication to prevent MITM attacks 
2017.05.04 12:41:01 LOG5[main]: Configuration successful 
2017.05.04 12:41:14 LOG7[80]: Service [https] started 
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[80]: Service [https] accepted connection from 127.0.0.1:54417 
2017.05.04 12:41:14 LOG6[80]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[80]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG7[81]: Service [https] started 
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[81]: Service [https] accepted connection from 127.0.0.1:54419 
2017.05.04 12:41:14 LOG6[81]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[81]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[81]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[81]: Service [https] connected remote server from 127.0.0.1:54420 
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) initialized 
2017.05.04 12:41:14 LOG6[81]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[81]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[81]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[81]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[81]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) closed 
2017.05.04 12:41:14 LOG7[81]: Local descriptor (FD=480) closed 
2017.05.04 12:41:14 LOG7[81]: Service [https] finished (1 left) 
2017.05.04 12:41:14 LOG5[80]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[80]: Service [https] connected remote server from 127.0.0.1:54418 
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[80]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[80]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[80]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[80]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[80]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[80]: Local descriptor (FD=496) closed 
2017.05.04 12:41:14 LOG7[80]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[82]: Service [https] started 
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[82]: Service [https] accepted connection from 127.0.0.1:54422 
2017.05.04 12:41:14 LOG6[82]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[82]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[82]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[82]: Service [https] connected remote server from 127.0.0.1:54423 
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[82]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[82]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[82]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[82]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[82]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[82]: Local descriptor (FD=544) closed 
2017.05.04 12:41:14 LOG7[82]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[83]: Service [https] started 
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[83]: Service [https] accepted connection from 127.0.0.1:54425 
2017.05.04 12:41:14 LOG6[83]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[83]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[83]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[83]: Service [https] connected remote server from 127.0.0.1:54426 
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) initialized 
2017.05.04 12:41:14 LOG6[83]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[83]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[83]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[83]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[83]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) closed 
2017.05.04 12:41:14 LOG7[83]: Local descriptor (FD=488) closed 
2017.05.04 12:41:14 LOG7[83]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[84]: Service [https] started 
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[84]: Service [https] accepted connection from 127.0.0.1:54427 
2017.05.04 12:41:14 LOG6[84]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[84]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[84]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[84]: Service [https] connected remote server from 127.0.0.1:54428 
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[84]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[84]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[84]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[84]: Local descriptor (FD=484) closed 
2017.05.04 12:41:14 LOG7[84]: Service [https] finished (0 left) 

Can anyone tell me why it isn't working, please? Is there something behind the scenes that I need to configure?

+0

Sounds like your server is speaking an older version of SSL than stunnel will accept; check the options for enabling older SSL.

Answers

1

'client = yes' makes stunnel encrypt the data it receives from the client and decrypt the data it receives from the server.

Resolve this by setting client to "no":

[https] 
client= No 
accept = 443 
connect = 80 
debug = 7 
sslVersion = all 
cert = D:\stunnel\config\cert.pfx 
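What `client = yes` does to the connection toward port 80, as an added example that is not part of either answer: a constructed plaintext HTTP listener stands in for IIS, and Python's ssl module plays the stunnel client. The TLS ClientHello lands on the web server, which answers with an HTTP status line; the TLS client then tries to parse "HTTP/1.1 400 ..." as a TLS record and gives up. Current OpenSSL reports this as WRONG_VERSION_NUMBER; the OpenSSL 1.0 series that produced the log above reported the same condition as SSL23_GET_SERVER_HELLO:unknown protocol. The port is chosen by the OS and the HTTP 400 reply is constructed for the demonstration.

```python
"""Added example (not from the original post): reproduce the failure in the
question's stunnel log. With client = yes, stunnel sends a TLS ClientHello to
the plaintext IIS listener on port 80; IIS answers with an HTTP error, which
the TLS client cannot parse as a ServerHello."""
import socket
import ssl
import threading

# Constructed reply of a plaintext web server that received TLS bytes.
HTTP_400 = (b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n"
            b"Connection: close\r\n\r\n")


def start_plaintext_http_server():
    """Stand-in for IIS on port 80: accept one connection on a loopback port,
    record the first bytes received and reply with HTTP 400.
    Returns (port, captured); the server thread fills captured['first_bytes']."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # OS-assigned port, so the example runs anywhere
    srv.listen(1)
    port = srv.getsockname()[1]
    captured = {}

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            captured["first_bytes"] = conn.recv(4096)  # this is the ClientHello
            conn.sendall(HTTP_400)  # plaintext HTTP, not a ServerHello
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port, captured


def tls_connect_like_stunnel_client(port):
    """Behave like stunnel with client = yes: wrap the outbound socket in TLS.
    Returns the OpenSSL reason string on handshake failure, or None on success."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # verification never gets a chance to run
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            # server_hostname adds SNI "localhost", as the log's "SNI: sending
            # servername: localhost" shows; the handshake runs inside wrap_socket.
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                pass
        return None
    except ssl.SSLError as e:
        return e.reason


def is_tls_client_hello(data):
    """TLS record header: content type 0x16 (handshake), major version 3,
    first handshake message type 0x01 (ClientHello)."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def reproduce():
    """Run the exchange once and report what each side saw."""
    port, captured = start_plaintext_http_server()
    reason = tls_connect_like_stunnel_client(port)
    return {
        "reason": reason,
        "server_saw_client_hello": is_tls_client_hello(captured.get("first_bytes", b"")),
    }


if __name__ == "__main__":
    print(reproduce())
```

Running it shows the web server did receive a well-formed ClientHello and the TLS side failed anyway; the fix is not a protocol-version option but turning the stunnel instance around (client = no) so that it terminates TLS on 443 and speaks plaintext to port 80.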
1

This error comes from the fact that there is no stunnel server running on the port you are trying to connect to.

Stunnel needs a client and a server. The protocol they speak is SSL-wrapped TCP. If you try to point the stunnel client at a web server such as IIS, the stunnel client will not be able to talk to it. It expects another stunnel instance running with a stunnel server configuration file.

That is why you see the unknown protocol message: when stunnel sends a TLS-wrapped packet, the web server cannot understand it, so it does not reply to you.

2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

You can run HTTP or HTTPS through stunnel, but only once you have both the client and the server set up. Below are sample configuration files for a Stunnel client and a Stunnel server that create a stunnel connection on port 8000 and let the client use port 9999 to reach a web server running on port 9998 on the server.
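The two-file layout the answer describes (stunnel server listening on 8000, the client exposing 9999 locally, the web server on 9998), written out as an added illustration. These are not the answer's original sample files; the host name `server.example` and the certificate file name `stunnel-server.pem` are assumptions, and the peer-verification options on the client side are added because stunnel's own log above warns that a client service without authentication is open to MITM attacks.

```ini
; stunnel-server.conf, on the web-server host (added example, not the answer's file)
[web-tunnel]
client = no                 ; terminate TLS here
accept = 8000               ; TLS listener the stunnel client connects to
connect = 127.0.0.1:9998    ; plaintext web server on this host
cert = stunnel-server.pem   ; assumed name: server certificate and key, PEM

; stunnel-client.conf, on the client host (added example, not the answer's file)
[web-tunnel]
client = yes                ; originate TLS from here
accept = 127.0.0.1:9999     ; browser uses http://127.0.0.1:9999
connect = server.example:8000   ; assumed host name of the stunnel server
verifyPeer = yes            ; pin the server certificate; stops the MITM warning
CAfile = stunnel-server.pem ; the server's certificate, copied to the client
```

The client's browser speaks plain HTTP to 127.0.0.1:9999; only the hop between the two stunnel instances is TLS. For the original question, where both ends are the same Windows machine and the goal is https://localhost:443, only the server half is needed: client = no, accept = 443, connect = 80, which is the configuration the first answer gives.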
