我在建立客户端和服务器之间的连接时遇到问题。我在客户端和服务器上使用我自己的签名证书。我使用的是 SSL 密码 SSLCipherSuite ECDH-ECDSA-AES128-SHA,有人建议我应该使用 prime256v1 椭圆曲线(我不知道这到底是什么意思)。我正在使用 apache tomcat 服务器。我的 httpd-ssl-virtual-host-conf 如下所示
ssl 读取字节 sslv3 警报 handshake_failure
Listen 4445
##
## SSL Virtual Host Context
##
Include "conf/httpd-jk.conf"
<VirtualHost *:4445>
#General setup for the virtual host
DocumentRoot "htdocs"
ServerName ocu1.totalsoft.ro
ServerAdmin [email protected]
ErrorLog "logs/error_log"
TransferLog "logs/access_log"
CustomLog logs/car2x.log combined
#JKMount /car2x/* worker1
JKMount /BTS/* worker1
#<Location "/car2x/WEB-INF/">
<Location "/BTS/WEB-INF/">
deny from all
</Location>
JkMountCopy On
<Directory "htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol -All +SSLv3 +TLSv1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ECDH-ECDSA-AES128-SHA
#SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+TLSv1:+EXP:+eNULL
# This is only for allowed ciphers specified within the core service communication document
#SSLCipherSuite HIGH:+MEDIUM:+LOW:+SSLv3:+TLSv1:+ECDH-ECDSA-AES128-SHA:+ECDHE-ECDSA-AES256-SHA:+ECDH-ECDSA-AES128-SHA256
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#SSLCipherSuite AES128-SHA
#SSLCertificateFile "conf/server-cert.pem"
#SSLCertificateFile "conf/resource/server-cert.pem"
SSLCertificateFile "conf/resource/Bucharest4.pem"
#SSLCertificateFile "conf/server-dsa.crt"
#SSLCertificateKeyFile "conf/server-key.pem"
#SSLCertificateKeyFile "conf/server-key.pem"
SSLCertificateKeyFile "conf/resource/Bucharest4_key.pem"
SSLCACertificateFile "conf/ca.pem"
SSLVerifyClient optional_no_ca
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLOptions +ExportCertData
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
<Directory "cgi-bin">
SSLOptions +StdEnvVars
</Directory>
I'm getting the followinq error on the client side
D/https(1153): INFO TEXT: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
但是当我尝试连接时,openssl s_client -ciphers ECDH-ECDSA-AES-SHA -connect ocu1.totalsoft.ro -k
它能起作用吗?
我可以提供 wireshark 日志。在该日志中,我收到了很多客户端 hello,但没有收到服务器 hello。相反,我收到了sslv3 alert with number 40 (hanshake_failure)
。