我正嘗試在CherryPy 3.8.0上使用SSL。我的基本示例在SSL上執行ping響應。無法在CherryPy上使用SSL 3.8.0
我這樣設置配置SSL:
# start Web Service with some configuration
global_conf = {
"global": { "server.environment": "production",
"engine.autoreload.on": True,
"engine.autoreload.frequency": 5,
"server.socket_host": "0.0.0.0",
"server.socket_port": 443,
"cherrypy.server.ssl_module": "builtin",
"cherrypy.server.ssl_certificate": "cert.pem",
"cherrypy.server.ssl_private_key": "privkey.pem",
"environment": "production",
"log.error_file": "site.log"}
}
cherrypy.config.update(global_conf)
conf = {
"/": {
"request.dispatch": cherrypy.dispatch.MethodDispatcher(),
"tools.encode.debug": True,
}
}
然而,當我調用Web服務我得到的錯誤。接下來是Httpie,cURL和openssl日誌。
Httpie登錄:
> http GET https://<host>:443/ping
http: error: SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:600)
捲曲日誌:
> curl -v https://<host>:443/ping
* Connected to <host> (<host>) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
OpenSSL的日誌:
> openssl s_client -host <host> -port 443
CONNECTED(00000003)
140197694400160:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
似乎現在正常工作,謝謝。問題確實是無效的配置。我從此頁面獲取:http://docs.cherrypy.org/en/latest/deploy.html#ssl-support – gc5