什么原因导致客户端没有发送[ChangeCipherSpec]包

什么原因导致客户端没有发送[ChangeCipherSpec]包

我遇到一个问题。我在进行 TLS 握手时有一个设备,客户端发送 [ChangeCipherSpec] 失败,目前所有 https 网站都失败了,但 http 可以工作。
我从 wireshark 检查它,它显示如下所示,没有 [ChangeCipherSpec] 并且失败,另外 2 个设备显示 [ChangeCipherSpec] 并且成功。

1587    8.836364    192.168.250.5   157.240.7.35    TCP 66  64134 → 443 [SYN, ECE, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM
1589    8.836480    157.240.7.35    192.168.250.5   TCP 66  443 → 64134 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=128
1590    8.836514    192.168.250.5   157.240.7.35    TCP 54  64134 → 443 [ACK] Seq=1 Ack=1 Win=65536 Len=0
1592    8.838231    192.168.250.5   157.240.7.35    TLSv1.3 571 Client Hello
1593    8.838397    157.240.7.35    192.168.250.5   TCP 60  443 → 64134 [ACK] Seq=1 Ack=518 Win=30336 Len=0
1609    8.946316    157.240.7.35    192.168.250.5   TLSv1.3 1514    Server Hello, Change Cipher Spec, Application Data
1610    8.946357    157.240.7.35    192.168.250.5   TLSv1.3 1514    Application Data
1611    8.946357    157.240.7.35    192.168.250.5   TLSv1.3 566 Application Data
1612    8.946381    192.168.250.5   157.240.7.35    TCP 54  64134 → 443 [ACK] Seq=518 Ack=3433 Win=65536 Len=0
2228    18.947282   192.168.250.5   157.240.7.35    TCP 55  [TCP Keep-Alive] 64134 → 443 [ACK] Seq=517 Ack=3433 Win=65536 Len=1
2229    18.947350   157.240.7.35    192.168.250.5   TCP 66  [TCP Keep-Alive ACK] 443 → 64134 [ACK] Seq=3433 Ack=518 Win=30336 Len=0 SLE=517 SRE=518
2421    28.956723   192.168.250.5   157.240.7.35    TCP 55  [TCP Keep-Alive] 64134 → 443 [ACK] Seq=517 Ack=3433 Win=65536 Len=1
2422    28.956791   157.240.7.35    192.168.250.5   TCP 66  [TCP Keep-Alive ACK] 443 → 64134 [ACK] Seq=3433 Ack=518 Win=30336 Len=0 SLE=517 SRE=518
7627    38.966424   192.168.250.5   157.240.7.35    TCP 55  [TCP Keep-Alive] 64134 → 443 [ACK] Seq=517 Ack=3433 Win=65536 Len=1
7628    38.966471   157.240.7.35    192.168.250.5   TCP 66  [TCP Keep-Alive ACK] 443 → 64134 [ACK] Seq=3433 Ack=518 Win=30336 Len=0 SLE=517 SRE=518
10615   48.974212   192.168.250.5   157.240.7.35    TCP 55  [TCP Keep-Alive] 64134 → 443 [ACK] Seq=517 Ack=3433 Win=65536 Len=1
10616   48.974281   157.240.7.35    192.168.250.5   TCP 66  [TCP Keep-Alive ACK] 443 → 64134 [ACK] Seq=3433 Ack=518 Win=30336 Len=0 SLE=517 SRE=518
12473   58.982406   192.168.250.5   157.240.7.35    TCP 55  [TCP Keep-Alive] 64134 → 443 [ACK] Seq=517 Ack=3433 Win=65536 Len=1
12474   58.982474   157.240.7.35    192.168.250.5   TCP 66  [TCP Keep-Alive ACK] 443 → 64134 [ACK] Seq=3433 Ack=518 Win=30336 Len=0 SLE=517 SRE=518
16847   68.951086   157.240.7.35    192.168.250.5   TLSv1.3 78  Application Data
16848   68.951226   157.240.7.35    192.168.250.5   TCP 60  443 → 64134 [FIN, ACK] Seq=3457 Ack=518 Win=30336 Len=0
16849   68.951251   192.168.250.5   157.240.7.35    TCP 54  64134 → 443 [ACK] Seq=518 Ack=3457 Win=65536 Len=0
16850   68.951315   192.168.250.5   157.240.7.35    TCP 54  64134 → 443 [ACK] Seq=518 Ack=3458 Win=65536 Len=0
16851   68.951537   192.168.250.5   157.240.7.35    TCP 54  64134 → 443 [RST, ACK] Seq=518 Ack=3458 Win=0 Len=0

铬错误: 无法访问此网站,雅虎意外关闭了连接。 火狐错误: 安全连接失败,错误代码:PR_END_OF_FILE_ERROR

我确实尝试过: 其他浏览器(IE、opera)也失败。重新安装 chrome/firefox。重置 firefox 设置。dism restorehealth,sfc scannow。重启设备。windows 更新。更改本地 IP。更改为不同的时间然后再改回时间。关闭 windows 防火墙。

设备 2:它与设备 1 保持相同的防火墙区域和相同的操作系统。这是成功显示的网站。

1233    13.395296   192.168.250.6   157.240.7.35    TCP 66  31442 → 443 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
1234    13.395446   157.240.7.35    192.168.250.6   TCP 66  443 → 31442 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
1235    13.395495   192.168.250.6   157.240.7.35    TCP 54  31442 → 443 [ACK] Seq=1 Ack=1 Win=525568 Len=0
1236    13.396814   192.168.250.6   157.240.7.35    TLSv1.3 571 Client Hello
1237    13.396916   157.240.7.35    192.168.250.6   TCP 60  443 → 31442 [ACK] Seq=1 Ack=518 Win=30336 Len=0
1240    13.481057   157.240.7.35    192.168.250.6   TLSv1.3 1446    Server Hello, Change Cipher Spec, Application Data
1241    13.489076   157.240.7.35    192.168.250.6   TLSv1.3 1514    Application Data [TCP segment of a reassembled PDU]
1242    13.489076   157.240.7.35    192.168.250.6   TLSv1.3 632 Application Data
1243    13.489138   192.168.250.6   157.240.7.35    TCP 54  31442 → 443 [ACK] Seq=518 Ack=3431 Win=525568 Len=0
1246    13.508110   192.168.250.6   157.240.7.35    TLSv1.3 118 Change Cipher Spec, Application Data
1247    13.508184   157.240.7.35    192.168.250.6   TCP 60  443 → 31442 [ACK] Seq=3431 Ack=582 Win=30336 Len=0
1269    13.824157   157.240.7.35    192.168.250.6   TLSv1.3 1514    Application Data [TCP segment of a reassembled PDU]
1270    13.824157   157.240.7.35    192.168.250.6   TLSv1.3 131 Application Data
1271    13.824204   192.168.250.6   157.240.7.35    TCP 54  31442 → 443 [ACK] Seq=1109 Ack=6649 Win=525568 Len=0

设备 3:这也成功加载了页面。

6034    39.799054   192.168.123.126 157.240.235.35  TCP 66  10033 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
6050    39.817120   157.240.235.35  192.168.123.126 TCP 66  443 → 10033 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1392 SACK_PERM WS=256
6051    39.817195   192.168.123.126 157.240.235.35  TCP 54  10033 → 443 [ACK] Seq=1 Ack=1 Win=132096 Len=0
6052    39.819030   192.168.123.126 157.240.235.35  TLSv1.3 571 Client Hello
6061    39.837593   157.240.235.35  192.168.123.126 TCP 60  443 → 10033 [ACK] Seq=1 Ack=518 Win=66816 Len=0
6063    39.837919   157.240.235.35  192.168.123.126 TLSv1.3 1446    Server Hello, Change Cipher Spec, Application Data
6065    39.838300   157.240.235.35  192.168.123.126 TLSv1.3 1446    Application Data
6066    39.838300   157.240.235.35  192.168.123.126 TLSv1.3 703 Application Data
6067    39.838357   192.168.123.126 157.240.235.35  TCP 54  10033 → 443 [ACK] Seq=518 Ack=3434 Win=132096 Len=0
6098    39.895065   192.168.123.126 157.240.235.35  TLSv1.3 118 Change Cipher Spec, Application Data
6101    39.895785   192.168.123.126 157.240.235.35  TLSv1.3 224 Application Data
6102    39.895828   192.168.123.126 157.240.235.35  TLSv1.3 1346    Application Data
6111    39.913437   157.240.235.35  192.168.123.126 TCP 60  443 → 10033 [ACK] Seq=3434 Ack=752 Win=67840 Len=0

我确实尝试使用其他工具(Procmon64、procexp64 等)进行检查,但没有帮助。

相关内容