Estou tendo problemas para estabelecer a conexão entre o cliente e o servidor. Estou usando meu próprio certificado assinado no cliente e no servidor. Eu estou usando as cifras SSL SSLCipherSuite ECDH-ECDSA-AES128-SHA e alguns sugeriram que eu deveria usar as curvas elípticas prime256v1 (eu não sei exatamente o que isso significa). Eu estou usando um servidor apache tomcat.Meu httpd- ssl-virtual-host-conf se parece com isso
ssl lê bytes alerta sslv3 handshake_failure
Listen 4445
##
## SSL Virtual Host Context
##
Include "conf/httpd-jk.conf"
<VirtualHost *:4445>
#General setup for the virtual host
DocumentRoot "htdocs"
ServerName ocu1.totalsoft.ro
ServerAdmin [email protected]
ErrorLog "logs/error_log"
TransferLog "logs/access_log"
CustomLog logs/car2x.log combined
#JKMount /car2x/* worker1
JKMount /BTS/* worker1
#<Location "/car2x/WEB-INF/">
<Location "/BTS/WEB-INF/">
deny from all
</Location>
JkMountCopy On
<Directory "htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol -All +SSLv3 +TLSv1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ECDH-ECDSA-AES128-SHA
#SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+SSLv3:+TLSv1:+EXP:+eNULL
# This is only for allowed ciphers specified within the core service communication document
#SSLCipherSuite HIGH:+MEDIUM:+LOW:+SSLv3:+TLSv1:+ECDH-ECDSA-AES128-SHA:+ECDHE-ECDSA-AES256-SHA:+ECDH-ECDSA-AES128-SHA256
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#SSLCipherSuite AES128-SHA
#SSLCertificateFile "conf/server-cert.pem"
#SSLCertificateFile "conf/resource/server-cert.pem"
SSLCertificateFile "conf/resource/Bucharest4.pem"
#SSLCertificateFile "conf/server-dsa.crt"
#SSLCertificateKeyFile "conf/server-key.pem"
#SSLCertificateKeyFile "conf/server-key.pem"
SSLCertificateKeyFile "conf/resource/Bucharest4_key.pem"
SSLCACertificateFile "conf/ca.pem"
SSLVerifyClient optional_no_ca
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLOptions +ExportCertData
#<FilesMatch "\.(cgi|shtml|phtml|php)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
<Directory "cgi-bin">
SSLOptions +StdEnvVars
</Directory>
I'm getting the followinq error on the client side
D/https(1153): INFO TEXT: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Mas quando estou tentando me conectar com openssl s_client -ciphers ECDH-ECDSA-AES-SHA -connect ocu1.totalsoft.ro -k
, funciona?
Eu posso fornecer logs de wireshark. Naqueles logs eu recebo um monte de hello cliente, mas nenhum servidor hello. Em vez disso, recebo sslv3 alert with number 40 (hanshake_failure)
.