我有一个服务器应用程序在我的计算机上运行,监听某个端口。当我尝试使用 OpenSSL 时(在 Mac 上,我已经通过 brew 从 OpenSSL 的默认 Mac 版本升级)。
openssl s_client -connect 0.0.0.0:80051 -showcerts -prexit -servername localhost -debug
响应
CONNECTED(00000003)
write to 0x7fe62b41b370 [0x7fe62b80d000] (118 bytes => 118 (0x76))
0000 - 16 03 01 00 71 01 00 00-6d 03 01 58 d2 84 72 d5 ....q...m..X..r.
0010 - 1b d3 47 9c 8e 6b b3 fb-10 a5 21 af 0e 5d 79 7b ..G..k....!..]y{
0020 - 54 77 4b 70 11 b0 77 5e-1e 9c e7 00 00 2e 00 39 TwKp..w^.......9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./
0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09 ................
0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 01 00 00 16 ................
0060 - 00 00 00 0e 00 0c 00 00-09 6c 6f 63 61 6c 68 6f .........localho
0070 - 73 74 00 23 st.#
0076 - <SPACES/NULS>
read from 0x7fe62b41b370 [0x7fe62b812600] (7 bytes => 0 (0x0))
85473:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_lib.c:185:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 118 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
在服务器上
E0322 10:04:34.017891000 123145312870400 ssl_transport_security.c:947] Handshake failed with fatal error SSL_ERROR_SSL: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number.
E0322 10:04:34.017964000 123145312870400 chttp2_server.c:123] Handshaking failed: {"created":"@1490191474.017913000","description":"Handshake failed","file":"../src/core/lib/security/transport/security_handshaker.c","file_line":274,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
我尝试在 OpenSSL 命令中传递 -ssl3 和 -tls1 但没有成功。关于如何处理信息或使用 openssl 进一步调试可能导致 ssl 客户端连接到服务器的问题的任何想法。谢谢
最佳答案
i upgraded via brew already from the default Mac version for OpenSSL...
0000 - 16 03 01 .... 03 01
调试日志显示带有 TLS 版本 1.0 (0x0301) 的 ClientHello。这表明使用的是旧版本的 OpenSSL 而不是升级版本,因为此版本 1.0.1(2012 年发布)支持 TLS 1.2 并将默认使用它。
关于macos - 使用 openssl 终端命令调试 SSL 连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42954114/