Python 连接到rabbitmq SSLError:[SSL:SSLV3警报握手失败]SSLV3警报握手失败(\u SSL.c:1108)
我正在尝试使用SSL连接rabbitmq,端口61613上的加密连接工作得很好,但我无法使用Let's Encrypt连接到加密端口61614 我使用以下代码简单地连接到TLS 61614 rabbitmq stomp:Python 连接到rabbitmq SSLError:[SSL:SSLV3警报握手失败]SSLV3警报握手失败(\u SSL.c:1108),python,ssl,encryption,rabbitmq,client,Python,Ssl,Encryption,Rabbitmq,Client,我正在尝试使用SSL连接rabbitmq,端口61613上的加密连接工作得很好,但我无法使用Let's Encrypt连接到加密端口61614 我使用以下代码简单地连接到TLS 61614 rabbitmq stomp: hostname='rabbitmq.DOMAIN.NAME' context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) with socket.create_connection((hostname, 616
hostname='rabbitmq.DOMAIN.NAME'
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
with socket.create_connection((hostname, 61614 )) as sock:
with context.wrap_socket(sock, server_hostname=hostname) as ssock:
print(ssock.version())
结果:
SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1108)
使用openssl进行测试:
openssl s_client -connect rabbitmq.DOMAIN.NAME:61614
结果是:
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = rabbitmq.DOMAIN.NAME
verify return:1
140003270226176:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1544:SSL alert number 40
---
Certificate chain
0 s:CN = rabbitmq.DOMAIN.NAME
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISBNLfEcyZu5MmKWiRqiljwOY5MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA4MDcwOTA3MTZaFw0y
MDExMDUwOTA3MTZaMB8xHTAbBgNVBAMTFHJhYmJpdG1xLmxhbm9zLmNsb3VkMIIB
.....
GhqnyShKe63Uf/Buxy1gqOpBXRO+Sd8L8ww0IUciamomYoKGkwGkcT6Y+SB+IxCg
pA+3qsUUKjxE2kJ2S+lwsiHxpsHEMyoSXxFnmoELKF3FQEk=
-----END CERTIFICATE-----
subject=CN = rabbitmq.DOMAIN.NAME
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
Acceptable client certificate CA names
C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
CN = ************************
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3169 bytes and written 460 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: CF1*********************************7415F1B61
Session-ID-ctx:
Master-Key: 051*********************************B4
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1597525241
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
有什么建议可以解决吗?openssl s_客户端的输出显示与Python的输出基本相同的错误: 但这也表明TLS握手的主要部分起了作用,即它获得了证书、密码等,并且还表明服务器似乎要求客户端证书:
Acceptable client certificate CA names
C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
CN = ************************
Client Certificate Types: ECDSA sign, RSA sign, DSA sign
但是您的openssl s_客户机
和Python代码都不提供任何客户机证书。很可能由于缺少客户端证书,服务器最终放弃了TLS握手,从而导致握手失败
因此,您需要更改服务器配置,不请求任何客户机证书,或者需要通过提供预期的客户机证书来匹配服务器对客户机证书的要求-无论这是什么(检查您的服务器)。我刚刚忘了在rabbitmq.conf中添加以下内容:
ssl_options.depth = 2
现在一切都正确了
谢谢你的帮助
ssl_options.depth = 2