用于检查服务器是否正在提供证书的OpenSSL命令
我正在尝试运行openssl命令,以缩小试图从系统发送出站消息时SSL问题的范围 我在另一个主题中找到此命令: 这个结果的输出是用于检查服务器是否正在提供证书的OpenSSL命令,ssl,openssl,Ssl,Openssl,我正在尝试运行openssl命令,以缩小试图从系统发送出站消息时SSL问题的范围 我在另一个主题中找到此命令: 这个结果的输出是 CONNECTED(00000003) 15841:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: --- no peer certificate available --- No client certificate CA names sent --- SSL
CONNECTED(00000003)
15841:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 121 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
openssl s_client -connect ip:port -prexit
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 121 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
openssl s_client -connect ip:port -prexit -ssl3
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
Start Time: 1403907236
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
Start Time: 1403907267
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
这是一次握手失败。另一端关闭连接而不发送任何数据(“读取0字节”)。另一方可能根本不讲SSL。但我在损坏的SSL实现上也看到过类似的错误,它们不理解较新的SSL版本。如果您通过将
-ssl3server {
listen [::]:80;
listen 80;
server_name timtimer.at www.timtimer.at;
include h5bp/directive-only/ssl.conf;
# and redirect to the https host (declared below)
# avoiding http://www -> https://www -> https:// chain.
return 301 https://www.timtimer.at$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
# listen on the wrong host
server_name timtimer.at;
### ERROR IS HERE ###
# You eighter have to include the .crt and .key here also (like below)
# or include it in the below included ssl.conf like suggested by H5BP
include h5bp/directive-only/ssl.conf;
# and redirect to the www host (declared below)
return 301 https://www.timtimer.at$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name www.timtimer.at;
include h5bp/directive-only/ssl.conf;
# Path for static files
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/2658/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/2658/server.key;
# ...
# Include the basic h5bp config set
include h5bp/basic.conf;
}
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/2658/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/2658/server.key;
因此,仅为www版本指定密钥是不够的,即使您仅直接调用www版本也是如此 我今天调试了一个SSL问题,导致了相同的
write:errno=104servername-servernameopenssl s_client -connect domain.tld:443 -servername domain.tld
希望这能有所帮助。当我们的代理用他们的自签名证书重新写入HTTPS连接时,我也尝试访问github.com,获得了以下信息: 没有可用的对等证书 未发送客户端证书CA名称 在我的输出中,还有: 协议:TLSv1.3 我添加了
-tls1_2openssl s_客户端-connect github.com:443-tls1_2write:errno=104问题很简单,用户RabbitMQ正在运行,因为它对证书文件没有读取权限。RabbitMQ中几乎没有有用的日志记录 对于较旧的实现,
-ssl3tls1_2write:errno=104# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/2658/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/2658/server.key;
openssl s_client -connect domain.tld:443 -servername domain.tld