尝试通过 SSL 连接到 xmpp 服务器时,openssl 失败并出现以下错误:3071833836:错误:140790E5:SSL 例程:SSL23_WRITE:ssl 握手失败:s23_lib.c:177
我相信服务器使用 RC4-MD5 密码,这里是完整的输出:
[root@localhost ~]# openssl s_client -connect 184.106.52.124:5222 -cipher RC4-MD5
CONNECTED(00000003)
>>> SSL 2.0 [length 0032], CLIENT-HELLO
01 03 03 00 09 00 00 00 20 00 00 04 01 00 80 00
00 ff b0 c9 c2 3f 0b 0e 98 df b4 dc fe b7 e8 8f
17 9a 34 b5 9b 17 1b 2b ac 01 dc bd 2b a9 2d 18
44 0c
3071866604:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 52 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
使用 gnutls-cli:
[root@localhost ~]# gnutls-cli 184.106.52.124 -p 5222
Resolving '184.106.52.124'...
Connecting to '184.106.52.124:5222'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
通过端口 5223 连接到同一台服务器可以正常工作。
在 CentOS 6.5 上使用 OpenSSL 1.0.1e-fips,在 Ubuntu 14.04.1 上使用 OpenSSL 1.0.1f
有什么方法可以解决这个问题吗?提前谢谢您。
答案1
从您目前发布的内容来看,听起来有点像监听端口 5222 的进程未使用 SSL。作为诊断,也许可以尝试此处的答案:
https://serverfault.com/questions/37699/how-to-check-if-a-server-support-xmpp-protocol/37722#37722
此外,从这里来看:https://stackoverflow.com/questions/3452161/which-ports-does-xmpp-use,端口 5222 上的连接通常不受 SSL 保护(请参阅 RFC 3920,附录 D1)。