Falha de interrupção de alerta de conexão SSL

2

Estou tendo problemas para estabelecer a conexão entre o cliente e o servidor. Estou usando meu próprio certificado assinado no cliente e no servidor. Eu estou usando as cifras SSL SSLCipherSuite ECDH-ECDSA-AES128-SHA e alguns sugeriram que eu deveria usar as curvas elípticas prime256v1 (eu não sei exatamente o que isso significa). Eu estou usando um servidor apache tomcat.Meu httpd- ssl-virtual-host-conf se parece com isso

ssl lê bytes alerta sslv3 handshake_failure

   Listen 4445
##
## SSL Virtual Host Context
##

Include "conf/httpd-jk.conf"
<VirtualHost *:4445>
#General setup for the virtual host
DocumentRoot "htdocs"
ServerName ocu1.totalsoft.ro
ServerAdmin [email protected]
ErrorLog "logs/error_log"
TransferLog "logs/access_log"
CustomLog logs/car2x.log combined

#JKMount  /car2x/* worker1

JKMount  /BTS/* worker1
#<Location "/car2x/WEB-INF/">

<Location "/BTS/WEB-INF/">
   deny from all
</Location>

JkMountCopy On

<Directory "htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol -All +SSLv3 +TLSv1
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ECDH-ECDSA-AES128-SHA
#SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+TLSv1:+EXP:+eNULL
# This is only for allowed ciphers specified within the core service communication document
#SSLCipherSuite HIGH:+MEDIUM:+LOW:+SSLv3:+TLSv1:+ECDH-ECDSA-AES128-SHA:+ECDHE-ECDSA-AES256-SHA:+ECDH-ECDSA-AES128-SHA256
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#SSLCipherSuite AES128-SHA

#SSLCertificateFile "conf/server-cert.pem"
#SSLCertificateFile "conf/resource/server-cert.pem"
SSLCertificateFile "conf/resource/Bucharest4.pem"


#SSLCertificateFile "conf/server-dsa.crt"

#SSLCertificateKeyFile "conf/server-key.pem"
#SSLCertificateKeyFile "conf/server-key.pem"
SSLCertificateKeyFile "conf/resource/Bucharest4_key.pem"


SSLCACertificateFile "conf/ca.pem"


SSLVerifyClient optional_no_ca

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLOptions +ExportCertData
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
#    SSLOptions +StdEnvVars
#</FilesMatch>
<Directory "cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

I'm getting the followinq error on the client side

D/https(1153): INFO TEXT: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Mas quando estou tentando me conectar com openssl s_client -ciphers ECDH-ECDSA-AES-SHA -connect ocu1.totalsoft.ro -k , funciona?

Eu posso fornecer logs de wireshark. Naqueles logs eu recebo um monte de hello cliente, mas nenhum servidor hello. Em vez disso, recebo sslv3 alert with number 40 (hanshake_failure) .

    
por Marian Craciunescu 10.12.2012 / 07:51

0 respostas