我正在建立一个网络服务器(http://blog.linformatronics.nl/),它在 IPv4 和 IPv6 上以及使用非 SSL 连接时都可以正常工作。但是,当我通过 https 连接到它时,IPv6 可以正常工作,但 IPv4 连接会引发客户端错误。IPv4/https 连接的服务器端日志为空。总结在表格中:
| http | https
-----+-------+-------------------------------------------------------
IPv4 | works | OpenSSL error, failed. No server side logging.
-----+-------+-------------------------------------------------------
IPv6 | works | self signed certificate warning, but works as expected
显然 SSL 隧道甚至没有设置,这导致 Apache 日志为空。但为什么它对 IPv6 运行良好,而对 IPv4 却失败了?我的问题是为什么是否出现了这个 OpenSSL 错误?我该如何解决?
以下是有关设置的一些额外信息。
IPv6 https
用于重现 IPv6/https 行为的命令:
$ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl
--2012-11-03 15:46:48-- https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected.
WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost':
Self-signed certificate encountered.
WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'.
HTTP request sent, awaiting response... 200 OK
Length: 4556 (4.4K) [text/html]
Saving to: `/dev/null'
100%[=======================================================================>] 4,556 --.-K/s in 0s
2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556]
IPv4 https
用于重现 IPv6/https 行为的命令:
$ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl
--2012-11-03 15:47:28-- https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
笔记
- 我在 Ubuntu Server 12.04.1 LTS 上
答案1
您的防火墙/NAT 配置存在严重错误。您实际上并未在端口 443 上运行 Web 服务器...
$ telnet 82.95.251.247 443
Trying 82.95.251.247...
Connected to 82.95.251.247.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
并且您的 IPv6 服务似乎已被防火墙关闭……
$ telnet 2001:980:1b7f:1:a00:27ff:fea6:a2e7 443
Trying 2001:980:1b7f:1:a00:27ff:fea6:a2e7...
telnet: connect to address 2001:980:1b7f:1:a00:27ff:fea6:a2e7: Permission denied
修复你的防火墙和/或错误端口上的服务问题,你会发现一切开始正常工作。