SSL_握手错误Domino TLS传出_Ssl_Encryption_Lotus Domino_Poodle Attack

SSL_握手错误Domino TLS传出

ssl encryption

SSL_握手错误Domino TLS传出,ssl,encryption,lotus-domino,poodle-attack,Ssl,Encryption,Lotus Domino,Poodle Attack,我们有5个客户从Domino运行相同的Web服务这个周末，我们用Domino9.01更新了客户服务器。FP2和贵宾犬固定包能够运行TLS 1.0输入和输出 4.顾客工作完美 1客户收到传出Web服务的SSL错误（与我们更新服务器之前的错误相同），输入对TLS有效，因此我们猜测Poodle的更新已按预期工作在为一个正在工作和出现故障的服务器设置som DEBUG_SSL参数后，我们获得了以下日志失败的一行是 S\u Read>nti\u done返回0字节rc=9 而不是预定的 S\u Re

我们有5个客户从Domino运行相同的Web服务这个周末，我们用Domino9.01更新了客户服务器。FP2和贵宾犬固定包能够运行TLS 1.0输入和输出

4.顾客工作完美 1客户收到传出Web服务的SSL错误（与我们更新服务器之前的错误相同），输入对TLS有效，因此我们猜测Poodle的更新已按预期工作

在为一个正在工作和出现故障的服务器设置som DEBUG_SSL参数后，我们获得了以下日志

失败的一行是

S\u Read>nti\u done返回0字节rc=9

而不是预定的

S\u Read>nti\u done返回5字节rc=0

SSL\u RCV>00000000:16 03 01 00 2E

我搜索过谷歌，没有任何东西可以理解它遗漏了什么我猜在协商密码时会有一些问题，但是为什么以及如何解决这个问题呢。我知道外面有一些聪明人；-）

来自失败的服务器握手的日志

从工作服务器握手记录

/斯特凡

PS：以下是握手错误之后出现的Java错误

Error connecting to 'xxxxx' on port '443', SSL IO error. Remote session no longer responding.
at lotus.domino.axis.InternalFault.makeFault(Unknown Source)
at lotus.domino.axis.transport.http.HTTPSender.invoke(Unknown Source)
at lotus.domino.axis.strategies.InvocationStrategy.visit(Unknown Source)
at lotus.domino.axis.SimpleChain.doVisiting(Unknown Source)
at lotus.domino.axis.SimpleChain.invoke(Unknown Source)
at lotus.domino.axis.client.AxisClient.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invokeEngine(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.websvc.client.Call.invoke(Unknown Source)

客户端是否涉及一些负载平衡器（如F5）或其他一些可能会在SSL连接上发出嘎嘎声的中间盒？不，不，不涉及任何其他内容数据库已关闭。Web服务提供商突然告诉我们，他们的握手有问题，不接受提供的TLS 1.0协议，所以问题就在这一边

  int_MapSSLError> Mapping SSL error 0 to 0 [SSLNoErr]
  SSL_Handshake> Enter
  SSL_Handshake> Current Cipher 0x0000 (Unknown Cipher)
  SSLAdvanceHandshake Enter> Processed : 0 State: 4 (HandshakeClientIdle)
  SSLAdvanceHandshake Enter> Processed : SSL_hello_request
  SSLAdvanceHandshake calling SSLPrepareAndQueueMessage> SSLEncodeClientHello
  SSLEncodeClientHello> We offered SSL/TLS version TLS1.0 (0x0301)
  SSLAdvanceHandshake Exit> State : 5 (HandshakeServerHello)
  S_Write> Enter len = 58
  SSL_Xmt> 00000000: 16 03 01 00 35 01 00 00 31 03 01 54 A5 89 B3 A0   '....5...1..T%.3 '
  SSL_Xmt> 00000010: 2B 75 D1 E9 D4 81 87 C3 5D 91 45 84 6A E2 47 9D   '+uQiT..C].E.jbG.'
  SSL_Xmt> 00000020: 76 BE 14 A8 A6 10 1C 06 FB 7D 8B 00 00 0A 00 2F   'v>.(&...{}...../'
  SSL_Xmt> 00000030: 00 35 00 05 00 0A 00 04 01 00                     '.5........'
  S_Write> Switching Endpoint to sync
  S_Write> Posting a nti_snd for 58 bytes
  SSL_EncryptData> SSL not init exit
  S_Write> Switching Endpoint to async
  SSL_EncryptDataCleanup> SSL not init exit
  S_Write> nti_done return 58 bytes rc = 0
  S_Write> Exit, wrote 58 bytes
  S_Read> Enter len = 5
  S_Read> Switching Endpoint to sync
  S_Read> Posting a nti_rcv for 5 bytes
  SSL_RcvSetup> SSL not init exit
  S_Read> Switching Endpoint to async
  S_Read> nti_done return 5 bytes rc = 0
  SSL_RCV> 00000000: 16 03 01 00 2E                                    '.....'
  S_Read> Exit, read 5 bytes
  S_Read> Enter len = 46
  S_Read> Switching Endpoint to sync
  S_Read> Posting a nti_rcv for 46 bytes
  SSL_RcvSetup> SSL not init exit
  S_Read> Switching Endpoint to async
  S_Read> nti_done return 46 bytes rc = 0
  SSL_RCV> 00000000: 02 00 00 2A 03 01 54 7C 9D 24 4C B4 AD 62 4E 35   '...*..T|.$L4-bN5'
  SSL_RCV> 00000010: 4C C3 B4 AB 34 6D 7D CB 8F 6B CC 80 00 FE 4C 4A   'LC4+4m}K.kL..~LJ'
  SSL_RCV> 00000020: 77 87 CD 2E DF 98 04 10 13 29 0B 00 2F 00         'w.M._....)../.'
  S_Read> Exit, read 46 bytes
  SSLProcessProtocolMessage> Record Content: 22
  SSLProcessHandshakeMessage Enter> Message: 2 State: 5 (HandshakeServerHello) Key Exchange: 0 Cipher: 0x0000 (Unknown Cipher)
  SSLProcessHandshakeMessage Enter> Message: SSL_server_hello
  SSLProcessServerHello> Server chose SSL/TLS version TLS1.0 (0x0301)
  SSLProcessHandshakeMessage Exit> Message: 2 State: 5 (HandshakeServerHello) Key Exchange: 1 Cipher: 0x002F (RSA_WITH_AES_128_CBC_SHA)
  SSLAdvanceHandshake Enter> Processed : 2 State: 5 (HandshakeServerHello)
  SSLAdvanceHandshake Enter> Processed : SSL_server_hello
  SSLAdvanceHandshake Exit> State : 8 (HandshakeCertificate)
  SSL_Handshake> After handshake state= 8 Status= -5000
  SSL_Handshake> Exit Status = -5000
  int_MapSSLError> Mapping SSL error -5000 to 4176 [SSLHandshakeNoDone]
  SSL_Handshake> Enter
  SSL_Handshake> Current Cipher 0x002F (RSA_WITH_AES_128_CBC_SHA)
  S_Read> Enter len = 5
  S_Read> Switching Endpoint to sync
  S_Read> Posting a nti_rcv for 5 bytes
  SSL_RcvSetup> SSL not init exit
  S_Read> Switching Endpoint to async
  S_Read> nti_done return 5 bytes rc = 0
  SSL_RCV> 00000000: 16 03 01 0E 9D                                    '.....'
  S_Read> Exit, read 5 bytes
  S_Read> Enter len = 3741

Error connecting to 'xxxxx' on port '443', SSL IO error. Remote session no longer responding.
at lotus.domino.axis.InternalFault.makeFault(Unknown Source)
at lotus.domino.axis.transport.http.HTTPSender.invoke(Unknown Source)
at lotus.domino.axis.strategies.InvocationStrategy.visit(Unknown Source)
at lotus.domino.axis.SimpleChain.doVisiting(Unknown Source)
at lotus.domino.axis.SimpleChain.invoke(Unknown Source)
at lotus.domino.axis.client.AxisClient.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invokeEngine(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.axis.client.Call.invoke(Unknown Source)
at lotus.domino.websvc.client.Call.invoke(Unknown Source)