我試圖建立安全通道,所以我可以訪問我的IIS靜態網站(http://localhost)Stunnel的SSL23_GET_SERVER_HELLO錯誤
我想通過「https://localhost:443」來訪問它。
這裏是我的conf文件:
[https]
client= yes
accept = 443
connect = 80
debug = 7
sslVersion = all
cert = D:\stunnel\config\cert.pfx
,這裏是我得到的錯誤:我在尋找一個基本的基本配置
2017.05.04 12:41:01 LOG5[main]: UTF-8 byte order mark detected
2017.05.04 12:41:01 LOG5[main]: FIPS mode disabled
2017.05.04 12:41:01 LOG4[main]: Service [https] needs authentication to prevent MITM attacks
2017.05.04 12:41:01 LOG5[main]: Configuration successful
2017.05.04 12:41:14 LOG7[80]: Service [https] started
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on local socket
2017.05.04 12:41:14 LOG5[80]: Service [https] accepted connection from 127.0.0.1:54417
2017.05.04 12:41:14 LOG6[80]: s_connect: connecting 127.0.0.1:80
2017.05.04 12:41:14 LOG7[80]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
2017.05.04 12:41:14 LOG7[81]: Service [https] started
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on local socket
2017.05.04 12:41:14 LOG5[81]: Service [https] accepted connection from 127.0.0.1:54419
2017.05.04 12:41:14 LOG6[81]: s_connect: connecting 127.0.0.1:80
2017.05.04 12:41:14 LOG7[81]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
2017.05.04 12:41:14 LOG5[81]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG5[81]: Service [https] connected remote server from 127.0.0.1:54420
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on remote socket
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) initialized
2017.05.04 12:41:14 LOG6[81]: SNI: sending servername: localhost
2017.05.04 12:41:14 LOG6[81]: Peer certificate not required
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): before/connect initialization
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[81]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[81]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.05.04 12:41:14 LOG7[81]: Deallocating application specific data for addr index
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) closed
2017.05.04 12:41:14 LOG7[81]: Local descriptor (FD=480) closed
2017.05.04 12:41:14 LOG7[81]: Service [https] finished (1 left)
2017.05.04 12:41:14 LOG5[80]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG5[80]: Service [https] connected remote server from 127.0.0.1:54418
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on remote socket
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) initialized
2017.05.04 12:41:14 LOG6[80]: SNI: sending servername: localhost
2017.05.04 12:41:14 LOG6[80]: Peer certificate not required
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): before/connect initialization
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[80]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[80]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.05.04 12:41:14 LOG7[80]: Deallocating application specific data for addr index
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) closed
2017.05.04 12:41:14 LOG7[80]: Local descriptor (FD=496) closed
2017.05.04 12:41:14 LOG7[80]: Service [https] finished (0 left)
2017.05.04 12:41:14 LOG7[82]: Service [https] started
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on local socket
2017.05.04 12:41:14 LOG5[82]: Service [https] accepted connection from 127.0.0.1:54422
2017.05.04 12:41:14 LOG6[82]: s_connect: connecting 127.0.0.1:80
2017.05.04 12:41:14 LOG7[82]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
2017.05.04 12:41:14 LOG5[82]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG5[82]: Service [https] connected remote server from 127.0.0.1:54423
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on remote socket
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) initialized
2017.05.04 12:41:14 LOG6[82]: SNI: sending servername: localhost
2017.05.04 12:41:14 LOG6[82]: Peer certificate not required
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): before/connect initialization
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[82]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[82]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.05.04 12:41:14 LOG7[82]: Deallocating application specific data for addr index
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) closed
2017.05.04 12:41:14 LOG7[82]: Local descriptor (FD=544) closed
2017.05.04 12:41:14 LOG7[82]: Service [https] finished (0 left)
2017.05.04 12:41:14 LOG7[83]: Service [https] started
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on local socket
2017.05.04 12:41:14 LOG5[83]: Service [https] accepted connection from 127.0.0.1:54425
2017.05.04 12:41:14 LOG6[83]: s_connect: connecting 127.0.0.1:80
2017.05.04 12:41:14 LOG7[83]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
2017.05.04 12:41:14 LOG5[83]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG5[83]: Service [https] connected remote server from 127.0.0.1:54426
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on remote socket
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) initialized
2017.05.04 12:41:14 LOG6[83]: SNI: sending servername: localhost
2017.05.04 12:41:14 LOG6[83]: Peer certificate not required
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): before/connect initialization
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[83]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[83]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.05.04 12:41:14 LOG7[83]: Deallocating application specific data for addr index
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) closed
2017.05.04 12:41:14 LOG7[83]: Local descriptor (FD=488) closed
2017.05.04 12:41:14 LOG7[83]: Service [https] finished (0 left)
2017.05.04 12:41:14 LOG7[84]: Service [https] started
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on local socket
2017.05.04 12:41:14 LOG5[84]: Service [https] accepted connection from 127.0.0.1:54427
2017.05.04 12:41:14 LOG6[84]: s_connect: connecting 127.0.0.1:80
2017.05.04 12:41:14 LOG7[84]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds
2017.05.04 12:41:14 LOG5[84]: s_connect: connected 127.0.0.1:80
2017.05.04 12:41:14 LOG5[84]: Service [https] connected remote server from 127.0.0.1:54428
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on remote socket
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) initialized
2017.05.04 12:41:14 LOG6[84]: SNI: sending servername: localhost
2017.05.04 12:41:14 LOG6[84]: Peer certificate not required
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): before/connect initialization
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): SSLv2/v3 write client hello A
2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.05.04 12:41:14 LOG7[84]: Deallocating application specific data for addr index
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) closed
2017.05.04 12:41:14 LOG7[84]: Local descriptor (FD=484) closed
2017.05.04 12:41:14 LOG7[84]: Service [https] finished (0 left)
。
有誰能告訴爲什麼它不工作請。 有什麼幕後我需要配置?
聽起來像您的服務器說話舊版本的ssl比stunnel會認爲可以接受,請檢查選項以啓用較舊的ssl –