CouchDB不能在SSL上工作
我正在运行CouchDB Docker容器V.2.1.1。在这一点上,除了SSL之外,一切都在工作。我正在遵循关于SSL设置的CouchDB文档。容器具有OpenSSL 1.0.1T。
"ERR_CONNECTION_CLOSED".
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
hello terminated with reason: no function clause matching ssl_cipher:hash_algorithm
对最后一个错误进行搜索会出现指示Erlang版本有问题的信息。但是,我相信CouchDB容器已经有了一个补丁版本。我尝试用:
apt-get install Erlang
这没什么区别。搜索结果还指出OpenSSL的版本有问题。我从源代码升级到OpenSSL 1.1.1,重新创建了证书,但问题仍然存在。
根据要求,下面是几个命令的输出。
CONNECTED(00000005)
140736008328136:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/ssl/s23_lib.c:124:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 318 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
curl 7.54.0 (x86_64-apple-darwin17.0) libcurl/7.54.0 LibreSSL/2.0.20 zlib/1.2.11 nghttp2/1.24.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: Asynchhtml" target="_blank">DNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz HTTP2 UnixSockets HTTPS-proxy
* Rebuilt URL to: https://localhost:6984/
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 6984 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
* stopped the pause stream!
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
curl-k--密码默认https://localhost:6984
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
curl-k-密码ECDHE-RSA-AES256-GCM-SHA384 https://localhost:6984
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
以下三个命令的输出非常相似。我只会展示不同之处。然而,似乎握手现在是用所有这些命令进行的。
CONNECTED(00000005)
SSL handshake has read 1762 bytes and written 400 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 18C5DF9DCA1B8AA0DBD33258BCD253053F8D1D91B524B0561A1C0FAB8CFB5146
Master-Key: FD0C57E4E8FB992C0323D43930C104D82B69C4200F42E03EDB51E38A47448D62FDCB6E813583E2177A339B74B4D0CC4A
Start Time: 1525593658
Timeout : 7200 (sec)
CONNECTED(00000003)
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
SSL handshake has read 1796 bytes and written 537 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA256
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-SHA256
Session-ID: A19D67CBE634843181859DB2C3C4D1A3416C9F7DAA85CF470D412FE723AD49B4
Master-Key: 61B711B9BEDB651868607527439D01B421780C7D584FCE68C4754A7A7F3563923409C03F4B68BB7914397B48A92FC756
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1525593604
Timeout : 300 (sec)
$path/to/brew/version/of/openSSL s_client-tls1-connect localhost:6984
SSL handshake has read 1762 bytes and written 397 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 6CC7FFE1C7CE258F105C7ADD5D8A9C0DFFB26A5A9555EB218EE48E519D361208
Master-Key: 2D6DFAC01544F6FF5F4138D877A4105485D5A2F77B58B4796822625E2E602455C38E3EEB2CBACE07FA03D207B07C715E
Start Time: 1525593717
Timeout : 7200 (sec)
$curl-k--tlsv1 https://localhost:6984
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:6984
$curl-k--tlsv1.0 https://localhost:6984
{"couchdb":"Welcome","version":"2.1.1","features":["scheduler"],"vendor":{"name":"The Apache Software Foundation"}}
共有1个答案
为了更深入地挖掘,你能发布以下命令的输出吗?
$ openssl s_client -connect localhost:6984
$ curl --version
$ curl -k -v https://localhost:6984
$ curl -k --ciphers DEFAULT https://localhost:6984
$ curl -k --ciphers ECDHE-RSA-AES256-GCM-SHA384 https://localhost:6984
顺便说一句,我注意到您的curl使用的是LibreSSL而不是OpenSSL,如您得到的错误消息所示:
curl:(35)LibreSSL SSL_CONNECT:SSL_ERROR_SYSCALL,连接到本地主机:6984
$ openssl s_client -connect localhost:6984
已连接(00000005)140736008328136:错误:140790E5:SSL例程:SSL23_Write:SSL握手失败:/buildroot/library/caches/com.apple.xbs/sources/libressl/libressl-22.50.2/libressl/ssl/s23_lib.c:124:
你能报告这个命令的输出吗:
$ openssl s_client -tls1 -connect localhost:6984
此外,可以推断问题的原因是macOS默认版本的libressl/openssl。要解决此问题,请尝试安装brew版本OpenSSL并再次运行此命令,然后报告输出:
$ path/to/brew/version/of/openssl s_client -connect localhost:6984
也请张贴的输出这个太:
$ path/to/brew/version/of/openssl s_client -tls1 -connect localhost:6984
根据您报告的输出,请尝试以下命令,看看它是否有效:
$ curl -k --tlsv1 https://localhost:6984
-
我正在为一个tomcat实例修补RH Linux7上的自签名证书,但有一段时间,我没有浏览器警告。我在这里遵循了这些人的说明(让Chrome接受自签名的本地主机证书),并尝试使用KeyTool将.crt导入到我的tomcat实例中。使用以下命令- 创建密钥库-keytool-keysize 2048-genkey-alias tomcat-keyalg RSA-keystore tomcat.ke
-
我有一个在远程服务器上运行的spring boot应用程序。当我构建它在HTTP上工作时,一切工作都很好。但当我试图设置SSL时,应用程序不能工作。它不会抛出错误或任何东西。但我无法访问浏览器中的任何页面(我尝试了https://www.example.com、https://www.example.com:8443、https://example.com等)。 > 我已经从certificate
-
结果在Windows和Linux之间有所不同。 Linux:鼠标位置:0,0 Windows:鼠标位置:623.0,367.0 我不知道为什么它不能在windows上工作,甚至似乎与lwjgl版本完全无关,因为我尝试了3.1.6、3.2.1、3.2.2和3.2.3-snapshot,所有这些版本都是一样的。所以问题要么是我在创建窗口时忘记了一些东西,要么是windows在某个更新中损坏了一些东西,
-
我在Windows8.1上安装了JDK8_U25,但是javac和javap命令不起作用。我转到环境变量并将Path的值更改为 C:\Program Files(x86)\AMD app\bin\x86_64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SystemRoot%\system32\windowsPowe
-
下面是连接到HTTPS/SSL的我的代码 那我能做什么呢?请帮我找到正确的代码...
-
我的Spring Boot项目在https/ssl上工作得很好,当本地服务时,使用p12证书,但当上传到AWS弹性豆茎时失败了。 以下是Application.Properties配置: WebSecurityConfigurerAdapter子类configure(HttpSecurity http)方法包含以下行,以启用HTTPS/SSL: 我还为under.ebextensions设置了路径