SSL 连接警报握手失败

SSL 连接警报握手失败

我在建立客户端和服务器之间的连接时遇到问题。我在客户端和服务器上使用我自己的签名证书。我使用的是 SSL 密码 SSLCipherSuite ECDH-ECDSA-AES128-SHA,有人建议我应该使用 prime256v1 椭圆曲线(我不知道这到底是什么意思)。我正在使用 apache tomcat 服务器。我的 httpd-ssl-virtual-host-conf 如下所示

ssl 读取字节 sslv3 警报 handshake_failure

   Listen 4445
##
## SSL Virtual Host Context
##

Include "conf/httpd-jk.conf"
<VirtualHost *:4445>
#General setup for the virtual host
DocumentRoot "htdocs"
ServerName ocu1.totalsoft.ro
ServerAdmin [email protected]
ErrorLog "logs/error_log"
TransferLog "logs/access_log"
CustomLog logs/car2x.log combined

#JKMount  /car2x/* worker1

JKMount  /BTS/* worker1
#<Location "/car2x/WEB-INF/">

<Location "/BTS/WEB-INF/">
   deny from all
</Location>

JkMountCopy On

<Directory "htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol -All +SSLv3 +TLSv1
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ECDH-ECDSA-AES128-SHA
#SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+TLSv1:+EXP:+eNULL
# This is only for allowed ciphers specified within the core service communication document
#SSLCipherSuite HIGH:+MEDIUM:+LOW:+SSLv3:+TLSv1:+ECDH-ECDSA-AES128-SHA:+ECDHE-ECDSA-AES256-SHA:+ECDH-ECDSA-AES128-SHA256
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#SSLCipherSuite AES128-SHA

#SSLCertificateFile "conf/server-cert.pem"
#SSLCertificateFile "conf/resource/server-cert.pem"
SSLCertificateFile "conf/resource/Bucharest4.pem"


#SSLCertificateFile "conf/server-dsa.crt"

#SSLCertificateKeyFile "conf/server-key.pem"
#SSLCertificateKeyFile "conf/server-key.pem"
SSLCertificateKeyFile "conf/resource/Bucharest4_key.pem"


SSLCACertificateFile "conf/ca.pem"


SSLVerifyClient optional_no_ca

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLOptions +ExportCertData
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
#    SSLOptions +StdEnvVars
#</FilesMatch>
<Directory "cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

I'm getting the followinq error on the client side

D/https(1153): INFO TEXT: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

但是当我尝试连接时,openssl s_client -ciphers ECDH-ECDSA-AES-SHA -connect ocu1.totalsoft.ro -k它能起作用吗?

我可以提供 wireshark 日志。在该日志中,我收到了很多客户端 hello,但没有收到服务器 hello。相反,我收到了sslv3 alert with number 40 (hanshake_failure)

相关内容