When I try to connect to my server remotely, I get the following error. Dropwizard SSL service keeps returning an error - Server aborted the SSL handshake
$ curl -k --verbose https://myserver.com:9010/test
* Adding handle: conn: 0x7f8bfb801a00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8bfb801a00) send_pipe: 1, recv_pipe: 0
* About to connect() to myserver.com port 9010 (#0)
* Trying <myserver ip>...
* Connected to myserver.com (myserver ip) port 9010 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake
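However, if I run this command from the server that is running the service, the connection completes successfully.
I am using a self-signed certificate. I created my certificate using the codeproject.com guide. My Dropwizard server configuration is: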
server:
  requestLog:
    timeZone: UTC
    appenders:
      - type: file
        currentLogFilename: logs/requests.log
        archivedLogFilenamePattern: logs/requests-%d.log
        archivedFileCount: 3
        threshold: ALL
  applicationConnectors:
    - type: https
      port: 9010
      keyStorePath: myserver.keystore
      keyStorePassword: password
      certAlias: myserverAlias
      validateCerts: false
      trustStorePath: /etc/pki/java/cacerts
  adminConnectors:
    - type: https
      port: 9011
      keyStorePath: myserver.keystore
      keyStorePassword: password
      certAlias: myserverAlias
      validateCerts: false
      trustStorePath: /etc/pki/java/cacerts
Also, I see no errors in the logs.
Additional details
A successful connection from inside the server looks like this.
$ curl -k --verbose https://myserver.com:9010/test
* Trying <myserver ip>...
* Connected to myserver.com (myserver ip) port 9010 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=myserver.com,OU=TECH,O=AppleGrew,L=HYD,ST=TS,C=IN
* start date: Apr 05 06:16:32 2015 GMT
* expire date: Apr 04 06:16:32 2018 GMT
* common name: myserver.com
* issuer: CN=myserver.com,OU=TECH,O=AppleGrew,L=HYD,ST=TS,C=IN
> GET /test HTTP/1.1
> User-Agent: curl/7.40.0
> Host: myserver.com:9010
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 06 Apr 2015 06:01:23 GMT
< Content-Type: application/json
< Vary: Accept-Encoding
< Content-Length: 99
<
* Connection #0 to host myserver.com left intact
{"status":"OK","message_type":"INFO","message_recipient":"SYSTEM","testMsg":"The service is live!"}
However, the curl versions running on the server side and on the remote client are different.
On the server side, it is:
curl 7.40.0 (x86_64-redhat-linux-gnu) libcurl/7.40.0 NSS/3.16.2 Basic ECC zlib/1.2.8 libidn/1.18 libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
On the client side, it is:
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
Update
I was able to connect to the server from a remote Linux system. The curl version on that system is:
curl 7.19.7 (i686-pc-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
Maybe the server does not support the SSL cipher suites offered by OS X. A LAN trace would show everything. – jwilleke 2015-04-06 10:41:46
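The successful handshake in the question negotiated TLS_DHE_DSS_WITH_AES_128_CBC_SHA, a suite a server can only use when its certificate holds a DSA key. The following added example (not code from the question or from Dropwizard) models the cipher-suite hypothesis in the comment above for TLS 1.2 and earlier: it derives the certificate key type each suite needs and shows when a client offer leaves no usable suite. The suite lists are constructed for illustration and are not the real offers of the curl builds listed in the question.

```python
# Added illustration; suite lists below are constructed, not captured from the hosts on this page.

AUTH_TO_KEY = {"DSS": "DSA", "RSA": "RSA", "ECDSA": "EC"}


def required_cert_key(suite):
    """Key type the server certificate must hold for a TLS <= 1.2 suite, or None if unknown."""
    head, sep, _ = suite.partition("_WITH_")
    fields = head.split("_")
    if not sep or fields[0] != "TLS":
        return None
    fields = fields[1:]
    if fields == ["RSA"]:                      # static RSA key exchange
        return "RSA"
    if len(fields) == 2 and fields[0] in ("DHE", "ECDHE"):
        return AUTH_TO_KEY.get(fields[1])      # server signs the ephemeral key
    return None


def usable_suites(client_offer, server_enabled, server_key_type):
    """Suites both sides support that the server's key can authenticate, in client order."""
    enabled = set(server_enabled)
    return [s for s in client_offer
            if s in enabled and required_cert_key(s) == server_key_type]


# Constructed sample data (hypothetical server and client suite lists).
SERVER_ENABLED = [
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
OFFER_WITH_DSS = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"]
OFFER_WITHOUT_DSS = ["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for name, offer in (("with DSS", OFFER_WITH_DSS), ("without DSS", OFFER_WITHOUT_DSS)):
        for key in ("DSA", "RSA"):
            result = usable_suites(offer, SERVER_ENABLED, key)
            print(f"client {name}, server key {key}: {result or 'no common suite, handshake aborted'}")
```

With a DSA server key, only the client that offers a DSS suite has anything to negotiate; the same clients against an RSA key both succeed, which is why the key algorithm of the keystore entry is worth checking alongside a packet trace.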