与node.js服务器的SSL握手失败_Node.js_Https_Socket.io_Openssl_Bitnami

与node.js服务器的SSL握手失败

node.js https socket.io openssl

与node.js服务器的SSL握手失败,node.js,https,socket.io,openssl,bitnami,Node.js,Https,Socket.io,Openssl,Bitnami,我目前正在尝试用socket.io创建一个安全的连接，但我现在真的无法实现。为了检查我的证书是否正确，我尝试在nodeJS中创建一个基本的https服务器 var fs = require('fs'); var certDir = "/path/to/the/certificates/cert-test/"; require("https").createServer( { key : fs.readFileSync(certDir + 'srv.key'), cert : f

我目前正在尝试用socket.io创建一个安全的连接，但我现在真的无法实现。为了检查我的证书是否正确，我尝试在nodeJS中创建一个基本的https服务器

var fs = require('fs');
var certDir = "/path/to/the/certificates/cert-test/";
require("https").createServer(
{
    key  : fs.readFileSync(certDir + 'srv.key'),
    cert : fs.readFileSync(certDir + 'crt.pem'),
},
function(request, response){
    response.writeHeader(200, {"Content-Type": "text/plain"});
    response.write("Hello World!\n");
    response.end();
}).listen(8082).on('clientError', function(e){
    console.log(e);
});

与http等效的方法可以很好地工作，但不可能使这个方法工作。我将节点版本升级到v0.12.4，npm升级到2.11.0，https是1.0.0（为了进一步查询，socket.io是1.3.5）。服务器在AWS上，有一个bitnami实例，Ubuntu 12.04.5 LTS，内核版本3.2.0-84-virtual，OpenSSL为1.0.1i

我试图通过（在我的浏览器和curl中）与服务器联系，但我从未实现过正确的握手

服务器检测到以下错误：

[错误：3074971392:错误：1408A0C1:SSL 例程：SSL3\u获取\u客户端\u你好：无共享密码：../deps/openssl/openssl/ssl/s3_srvr.c:1389:]
[错误：3074971392:错误：140A1175:SSL 例程：SSL字节到密码列表：不合适回退：../deps/openssl/openssl/ssl/ssl\u lib.c:1481:]

我试着检查服务器上可用的密码和计算机上可用的密码，有很多匹配项。所以伙计们，我真的没有主意了，我希望能得到一些帮助

编辑

openssl x509的输出-在crt.pem中-通知pem-文本-noout：

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            af:b7:19:35:7b:0e:87:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc.,    OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate     Authority - G2
        Validity
            Not Before: Jan  6 10:11:41 2015 GMT
            Not After : Jan 25 08:15:28 2016 GMT
        Subject: OU=Domain Control Validated, CN=node.foobar.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            Public-Key: (2048 bit)
            Modulus:
                00:ce:93:8c:6a:0a:54:d8:b8:02:94:0d:d4:23:98:
                80:98:5e:42:fb:b2:4a:f7:62:68:82:42:32:dc:6f:
                5d:02:3a:b8:34:7c:9f:1c:e6:83:94:a3:1a:1e:25:
                aa:58:69:4b:4d:76:8e:07:73:09:d3:6a:20:65:ad:
                40:f5:a4:75:fa:51:79:af:94:1d:c3:39:c0:d4:70:
                e0:f0:61:e7:26:d8:78:b8:58:7e:0e:85:22:a2:83:
                09:69:85:f6:3e:b1:de:80:71:07:88:d8:9f:f9:6a:
                8b:d4:ad:61:bc:c2:bb:98:6c:36:71:d8:20:3f:d1:
                d4:d8:0e:91:d7:eb:42:3f:f3:98:97:fa:c4:cb:78:
                04:c2:ef:12:ba:a5:cf:cd:05:44:ad:a1:cc:ff:04:
                b9:e1:74:ab:09:8a:58:1b:11:e6:f9:8f:28:c2:39:
                3d:71:1e:e4:e2:e4:a4:f7:45:94:04:f2:4a:fc:62:
                ab:b5:9a:18:56:e8:40:4d:12:17:a7:26:07:54:db:
                5b:87:99:56:9e:5c:94:28:0d:6c:29:9d:06:56:3b:
                5e:c2:1f:6b:1f:6a:90:c2:97:24:77:63:32:26:f5:
                25:d6:02:73:61:6b:69:20:39:a7:be:af:51:27:c5:
                a5:b4:a4:1f:e2:36:fc:15:25:30:fe:08:8f:0a:12:
                5f:c9
            Exponent: 65537 (0x10001)
    X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:FALSE
        X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 CRL Distribution Points: 

            Full Name:
              URI:http://crl.godaddy.com/gdig2s1-87.crl

        X509v3 Certificate Policies: 
            Policy: 2.16.840.1.114413.1.7.23.1
              CPS: http://certificates.godaddy.com/repository/

        Authority Information Access: 
            OCSP - URI:http://ocsp.godaddy.com/
            CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

        X509v3 Authority Key Identifier: 
            keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

        X509v3 Subject Alternative Name: 
            DNS:foobar.com, DNS:www.foobar.com, DNS:www.foo.bar.com
        X509v3 Subject Key Identifier: 
            70:FE:A0:B4:00:2E:14:98:B8:CA:BF:C8:63:A7:23:63:7C:FA:48:82
Signature Algorithm: sha256WithRSAEncryption
     70:b7:dd:2b:ed:b9:7b:4e:4d:b1:13:26:7b:5d:f4:10:1f:28:
     a4:b8:f5:99:4e:ee:34:56:b1:eb:06:19:d8:14:c8:28:44:fe:
     63:f1:2e:58:73:c7:22:57:1a:4f:2c:00:ef:2b:f8:c6:52:09:
     71:1a:68:00:35:a0:f8:df:57:c5:98:f8:43:68:ba:b5:ff:3e:
     e1:a5:ad:6a:85:64:dd:40:72:d1:9d:04:61:54:cc:7c:92:c4:
     b3:68:6a:77:32:1b:49:ea:6c:7e:28:c7:67:ce:1d:ed:29:49:
     d6:9c:76:4d:a3:f1:a5:f5:0a:0a:92:72:7e:0a:1a:22:43:32:
     18:9f:3f:fe:62:e0:57:ee:92:9d:fb:5f:bd:4b:c9:c4:1d:ba:
     cb:0d:3c:b9:00:2f:79:fc:5d:cd:df:9e:d7:c9:79:3b:45:c4:
     7c:ad:cb:47:6d:8e:82:cc:dd:8e:2d:86:fc:94:4b:bf:9d:8e:
     37:37:90:1c:74:73:f1:93:e7:f1:c9:e3:e0:d9:5c:fb:d6:3d:
     09:6b:d5:45:ab:47:d2:65:69:6c:af:81:08:35:6c:87:7f:dd:
     fa:26:2e:8a:bf:4e:53:c1:70:1a:0a:e1:7f:e9:18:c5:82:f1:
     90:9e:6c:29:7b:b7:cc:a3:25:3f:7f:8d:f3:b5:58:25:62:56:
     64:50:43:b3

openssl s_客户端-connect node.foobar.com的输出：8082-tls1-servername node.foobar.com：

CONNECTED(00000003)
3073997000:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
3073997000:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1433377982
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

我尝试了

openssl s_client-connect node.foobar.com:8082-tls1_2-servername node.foobar.com

，下面是我得到的答案：

CONNECTED(00000003)
3074009288:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
3074009288:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1433466977
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

顺便说一下，为了保持服务器正常运行，它使用forever包（v0.14.1）运行

可用密码：

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5

openssl s_客户端的输出-connect node.foobar.com:8082-tls1-密码“ECDHE-RSA-AES256-GCM-SHA384”-servername node.foobar.com

CONNECTED(00000003)
3073722568:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers     available:s3_clnt.c:757:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1433512430
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

顺便问一下，作为一个辅助问题，除了http变成https以请求socket.io/socket.io.js文件外，我必须获得它才能创建连接，还有什么我必须更改的，才能在我的网站上使用这个包吗

谢谢。

只是想提醒您没有响应。writeHeader（）方法，应该是response.writeHead（）。

参考：

这是发生的事情

$openssl s_client-connect node.inkive.com:8082-tls1-servername node.inkive.com-cipher'高：！阿努尔：！克尔萨：！PSK:！SRP:！MD5:！RC4'-调试
已连接（00000003）
写入0x7fbb02c23bb0[0x7fbb0301cc03]（220字节=>220（0xDC））
0000-16 03 01 00 d7 01 00 00-d3 03 01 1e 9d af 6b 4b kK
0010-ea d5 6c 84 44 b0 13 c5-77 ad 3c 98 4a 50 b3 19..l.D..w。5（0x5））
0000 - 15 03 01 00 02                                    .....
从0x7fbb02c23bb0[0x7fbb03018608]读取（2字节=>2（0x2））
0000 - 02 28                                             .(
140735193977308:错误：14094410:SSL例程：ssl3_读取_字节：sslv3警报握手失败：s3_pkt.c:1461:SSL警报编号40
140735193977308:错误：1409E0E5:SSL例程：ssl3_write_字节：SSL握手失败：s3_pkt.c:645

读取的

15 03 01 00 02

是TLS记录。它承载TLS有效载荷。

03 01

是TLS版本。

00 02

是有效载荷的长度

接下来的两个字节是有效负载，它是警报。

是警报，

是警报编号，它是40

警报40已发出。根据发出的警报：

7.4.1.3.服务器你好

将发送此消息的时间：

  The server will send this message in response to a ClientHello
  message when it was able to find an acceptable set of algorithms.
  If it cannot find such a match, it will respond with a handshake
  failure alert.

我不想用问题来回答问题，但服务器上启用了哪些协议和密码套件

相关的，创建一个HTTPS服务器，如下所示：

var https = require('https');
var fs = require('fs');

var options = {
    key: fs.readFileSync('/path/to/the/certificates/cert-test/srv.key'),
    cert: fs.readFileSync('/path/to/the/certificates/cert-test/crt.pem'),
};

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8082);

您可能应该尝试一下，因为这是创建一个函数的官方方法。

函数（请求，响应）{…}）。听着（8082）

在我看来很奇怪

从编辑：
可用密码：

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:... ... EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
使用“高：！低：！低：！kRSA:！MD5:！RC4:！PSK:！SRP:！DSS:！DSA”。它将使您获得整数和椭圆曲线的Diffie-Hellman，并避免在浏览器中使用
另外，除非您实际使用SRP和PSK，否则不要启用它们。除非您有DSS/DSA密钥，否则不要启用
DSS
。您需要
aNULL
，因为在OpenSSL中默认启用匿名协议。并且不要启用那些导出级密码套件（
EXP
）。不要为此启用
中等
或
低
。所有现代用户代理在
HIGH
方面都没有问题
使用上面的字符串，以下是您正在启用的密码：

$ openssl ciphers -v 'HIGH:!aNULL:!kRSA:!MD5:!RC4:!PSK:!SRP:!DSS:!DSA' ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1 DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1 DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1 DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1 ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1

如果客户机没有受到影响，您可能希望这样做

const tls = require('tls') tls.DEFAULT_ECDH_CURVE = 'auto'
在某个地方，例如在server.js（您的文件）中。这只会影响服务器模块，根本不会转到客户端
关于安全性，据我所知，8.x.x版本意外地为曲线提供了一个严格的设置（但不是最安全的设置），并且由于LTS/semver的原因，他们在10.x.x之前无法更改默认值

在10.x.x中，它是“自动”的，所以我怀疑这是一个非常不安全的选项。
openssl s_client-connect my.url.com:8082-tls1-servername my.url.com
超时。似乎没有服务器正在侦听。你能确认你有一台服务器在监听这个端口吗？我好像在点击了两次node.inkve.com:8082之后触发了一个过滤器。我现在立即得到
connect:Connection拒绝
。看起来好像有什么东西在监听端口，但它不是在说HTTP或HTTPS。如果您未被禁止，请使用
-tls1\u 2
尝试
s\u客户端
。我知道
-ssl3
和
tls1
不起作用。谢谢你指出这一点。我纠正了它，但我想它不会解决我的问题…我如何检查哪些协议已启用？我没有删除任何内容。如果您需要，我可以添加服务器上的密码集。顺便说一下，我更改了se