500 SSL与perl的协商失败
我试图从客户机SunOS 5.10使用perl脚本连接到webservice服务器,但没有成功 我正在使用ActivePerl 5.8.8以及其他一些已安装的库。 我还安装了带有cacertificates dependencie的libssl0_9_8 注意,服务器端负责webservice的团队告诉我,他们没有管理任何证书 我读过很多论坛,但对于这个问题我没有明确的答案。 我在脚本中使用以下内容:500 SSL与perl的协商失败,perl,ssl,soaplite,Perl,Ssl,Soaplite,我试图从客户机SunOS 5.10使用perl脚本连接到webservice服务器,但没有成功 我正在使用ActivePerl 5.8.8以及其他一些已安装的库。 我还安装了带有cacertificates dependencie的libssl0_9_8 注意,服务器端负责webservice的团队告诉我,他们没有管理任何证书 我读过很多论坛,但对于这个问题我没有明确的答案。 我在脚本中使用以下内容: use SOAP::Lite; use SOAP::Lite +trace => 'al
use SOAP::Lite;
use SOAP::Lite +trace => 'all';
$ENV{HTTPS_DEBUG} = 1;
my $server = $conf->param("Server");
my $url = "https://$server:443/services";
my $service = SOAP::Lite->proxy("$url/service") or die $logger->error("Error: WebService $!");
bash-3.2# ./GetTest.pl
SOAP::Transport::new: ()
SOAP::Serializer::new: ()
SOAP::Deserializer::new: ()
SOAP::Parser::new: ()
SOAP::Lite::new: ()
SOAP::Transport::HTTP::Client::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Lite::call: ()
SOAP::Serializer::envelope: ()
SOAP::Serializer::envelope: getInterface SOAP::Data=HASH(0x1003e0c) SOAP::Data=HASH(0x1003b18) SOAP::Data=HASH(0x1003bd8) SOAP::Data=HASH(0x1003ce0)
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Data::new: ()
SOAP::Transport::HTTP::Client::send_receive: HTTP::Request=HASH(0x100368c)
SOAP::Transport::HTTP::Client::send_receive: POST https://<SERVER>:443/axis2/services/Service HTTP/1.1
Accept: text/xml
Accept: multipart/*
Accept: application/soap
Content-Length: 875
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://...#getInterface"
...
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert write:fatal:handshake failure
SSL_connect:error in SSLv3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
SOAP::Transport::HTTP::Client::send_receive: HTTP::Response=HASH(0x77c3e8)
SOAP::Transport::HTTP::Client::send_receive: 500 SSL negotiation failed:
Content-Type: text/plain
Client-Date: Mon, 09 Mar 2015 10:27:04 GMT
Client-Warning: Internal response
500 SSL negotiation failed:
SOAP::Deserializer::deserialize: ()
SOAP::Parser::decode: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::HTTP::Client::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Transport::DESTROY: ()
SOAP::Serializer::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Data::DESTROY: ()
SOAP::Deserializer::DESTROY: ()
SOAP::Parser::DESTROY: ()
SOAP::Lite::DESTROY: ()
bash-3.2#/GetTest.pl
SOAP::Transport::new:()
SOAP::序列化程序::新建:()
SOAP::反序列化程序::新建:()
SOAP::Parser::new:()
SOAP::Lite::new:()
SOAP::Transport::HTTP::Client::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Lite::call:()
SOAP::序列化程序::信封:()
SOAP::Serializer::envelope:getInterface SOAP::Data=HASH(0x1003e0c)SOAP::Data=HASH(0x1003b18)SOAP::Data=HASH(0x1003bd8)SOAP::Data=HASH(0x1003ce0)
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Data::new:()
SOAP::Transport::HTTP::Client::发送\接收:HTTP::请求=哈希(0x100368c)
SOAP::Transport::HTTP::Client::发送\接收:POST https://:443/axis2/services/Service HTTP/1.1
接受:text/xml
接受:多部分/*
接受:应用程序/soap
内容长度:875
内容类型:text/xml;字符集=utf-8
SOAPAction:“http://...#getInterface"
...
SSL_connect:在/connect初始化之前
SSL\u connect:SSLv2/v3写客户端hello A
SSL3警报读取:致命:握手失败
SSL_connect:SSLv2/v3读取服务器hello A中出错
SSL_connect:在/connect初始化之前
SSL_connect:SSLv3写客户端hello A
SSL3警报写入:致命:握手失败
SSL_connect:SSLv3读取服务器hello A中出错
SSL_connect:在/connect初始化之前
SSL_connect:SSLv2写客户端hello A
SSL_connect:在SSLv2读取服务器hello A中失败
SOAP::Transport::HTTP::Client::发送\接收:HTTP::响应=哈希(0x77c3e8)
SOAP::Transport::HTTP::Client::发送\接收:500 SSL协商失败:
内容类型:文本/纯文本
客户日期:2015年3月9日星期一10:27:04 GMT
客户端警告:内部响应
500 SSL协商失败:
SOAP::反序列化程序::反序列化:()
SOAP::解析器::解码:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Transport::HTTP::Client::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::传输::销毁:()
SOAP::序列化程序::销毁:()
SOAP::Data::DESTROY:()
SOAP::Data::DESTROY:()
SOAP::反序列化程序::销毁:()
SOAP::解析器::销毁:()
SOAP::Lite::DESTROY:()
bash-3.2# openssl s_client -connect <server>:443 -tls1
CONNECTED(00000004)
depth=1 /C=FR/ST=Alpes-Maritimes/...
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
...
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICcjCCAds...
-----END CERTIFICATE-----
...
---
No client certificate CA names sent
---
SSL handshake has read 1886 bytes and written 260 bytes
---
New, TLSv1/SSLv3, Cipher is ...
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
SSL-Session:
Protocol : TLSv1
Cipher : ...
Verify return code: 19 (self signed certificate in certificate chain)
---
bash-3.2#openssl s#U客户端-连接:443-tls1
已连接(00000004)
深度=1/C=FR/ST=阿尔卑斯海时间/。。。
验证错误:num=19:证书链中的自签名证书
验证返回:0
---
证书链
...
---
服务器证书
-----开始证书-----
MIICcjCCAds。。。
-----结束证书-----
...
---
未发送客户端证书CA名称
---
SSL握手读取1886字节,写入260字节
---
新的,TLSv1/SSLv3,密码是。。。
服务器公钥为1024位
不支持安全重新协商
SSL会话:
协议:TLSv1
密码:。。。
验证返回代码:19(证书链中的自签名证书)
---
提前感谢,存在SSL握手问题。使用“perl-MIO::Socket::SSL=debug4…”调用代码以获取有关SSL握手的更多详细信息。除此之外,您的perl和openssl版本都相当旧,尤其是后者可能是问题的根源。Activestate特别不支持/更新旧(免费)版本ActivePerl的模块。更新到5.20是一个好主意。它似乎使用了Crypt::SSLeay而不是IO::Socket::SSL,因为它是一个非常旧的版本。在这种情况下,调试提示将不会有帮助。由于SSLv23、SSLv3和SSLv2握手失败,可能是因为您的系统太旧,无法与服务器通信,即服务器需要TLS1.1+,或者需要OpenSSL版本不支持的密码,或者服务器需要SNI。我考虑了您的建议:-将ActivePerl从5.8.8升级到5.20。您是否有任何可供下载的链接或确保5.20将支持升级服务器(脚本所在的位置)什么类型的SunOS 5.10库(包括TLS1.1+或其他提到的库)可以解决此问题?我不知道什么是密码或SNI?你能给我解释一下吗?提前感谢,编辑(UP)请查看第一条消息