2017-05-04 61 views
0

Stunnel SSL23_GET_SERVER_HELLO error

I am trying to set up stunnel so that I can access my IIS static website (http://localhost

I want to access it through "https://localhost:443".

Here is my conf file:

[https] 
client= yes 
accept = 443 
connect = 80 
debug = 7 
sslVersion = all 
cert = D:\stunnel\config\cert.pfx 

I am looking for a basic, basic configuration. And here is the error I get:

2017.05.04 12:41:01 LOG5[main]: UTF-8 byte order mark detected 
2017.05.04 12:41:01 LOG5[main]: FIPS mode disabled 
2017.05.04 12:41:01 LOG4[main]: Service [https] needs authentication to prevent MITM attacks 
2017.05.04 12:41:01 LOG5[main]: Configuration successful 
2017.05.04 12:41:14 LOG7[80]: Service [https] started 
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[80]: Service [https] accepted connection from 127.0.0.1:54417 
2017.05.04 12:41:14 LOG6[80]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[80]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG7[81]: Service [https] started 
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[81]: Service [https] accepted connection from 127.0.0.1:54419 
2017.05.04 12:41:14 LOG6[81]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[81]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[81]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[81]: Service [https] connected remote server from 127.0.0.1:54420 
2017.05.04 12:41:14 LOG7[81]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) initialized 
2017.05.04 12:41:14 LOG6[81]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[81]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[81]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[81]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[81]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[81]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[81]: Remote descriptor (FD=552) closed 
2017.05.04 12:41:14 LOG7[81]: Local descriptor (FD=480) closed 
2017.05.04 12:41:14 LOG7[81]: Service [https] finished (1 left) 
2017.05.04 12:41:14 LOG5[80]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[80]: Service [https] connected remote server from 127.0.0.1:54418 
2017.05.04 12:41:14 LOG7[80]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[80]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[80]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[80]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[80]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[80]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[80]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[80]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[80]: Local descriptor (FD=496) closed 
2017.05.04 12:41:14 LOG7[80]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[82]: Service [https] started 
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[82]: Service [https] accepted connection from 127.0.0.1:54422 
2017.05.04 12:41:14 LOG6[82]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[82]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[82]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[82]: Service [https] connected remote server from 127.0.0.1:54423 
2017.05.04 12:41:14 LOG7[82]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[82]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[82]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[82]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[82]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[82]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[82]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[82]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[82]: Local descriptor (FD=544) closed 
2017.05.04 12:41:14 LOG7[82]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[83]: Service [https] started 
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[83]: Service [https] accepted connection from 127.0.0.1:54425 
2017.05.04 12:41:14 LOG6[83]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[83]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[83]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[83]: Service [https] connected remote server from 127.0.0.1:54426 
2017.05.04 12:41:14 LOG7[83]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) initialized 
2017.05.04 12:41:14 LOG6[83]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[83]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[83]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[83]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[83]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[83]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[83]: Remote descriptor (FD=540) closed 
2017.05.04 12:41:14 LOG7[83]: Local descriptor (FD=488) closed 
2017.05.04 12:41:14 LOG7[83]: Service [https] finished (0 left) 
2017.05.04 12:41:14 LOG7[84]: Service [https] started 
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on local socket 
2017.05.04 12:41:14 LOG5[84]: Service [https] accepted connection from 127.0.0.1:54427 
2017.05.04 12:41:14 LOG6[84]: s_connect: connecting 127.0.0.1:80 
2017.05.04 12:41:14 LOG7[84]: s_connect: s_poll_wait 127.0.0.1:80: waiting 10 seconds 
2017.05.04 12:41:14 LOG5[84]: s_connect: connected 127.0.0.1:80 
2017.05.04 12:41:14 LOG5[84]: Service [https] connected remote server from 127.0.0.1:54428 
2017.05.04 12:41:14 LOG7[84]: Option TCP_NODELAY set on remote socket 
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) initialized 
2017.05.04 12:41:14 LOG6[84]: SNI: sending servername: localhost 
2017.05.04 12:41:14 LOG6[84]: Peer certificate not required 
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): before/connect initialization 
2017.05.04 12:41:14 LOG7[84]: TLS state (connect): SSLv2/v3 write client hello A 
2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 
2017.05.04 12:41:14 LOG7[84]: Deallocating application specific data for addr index 
2017.05.04 12:41:14 LOG7[84]: Remote descriptor (FD=304) closed 
2017.05.04 12:41:14 LOG7[84]: Local descriptor (FD=484) closed 
2017.05.04 12:41:14 LOG7[84]: Service [https] finished (0 left) 

Can anyone tell me why it is not working, please? Is there something behind the scenes that I need to configure?

+0

Sounds like your server is speaking an older version of SSL than stunnel considers acceptable; check the options for enabling older SSL

Answers

1

'client = yes' makes stunnel encrypt the data received from the client and decrypt the data received from the server.

Resolved by setting client to "No":

[https] 
client= No 
accept = 443 
connect = 80 
debug = 7 
sslVersion = all 
cert = D:\stunnel\config\cert.pfx 

1

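This error comes from the fact that there is no stunnel server running on the port you are trying to connect to.

Stunnel requires a client and a server. The protocol they speak is SSL-wrapped TCP. If you try to point a Stunnel client at a web server such as IIS, the Stunnel client will not be able to communicate with it. It expects another Stunnel instance running a Stunnel server configuration file.

That is why you see the unknown protocol message - when stunnel sends a TCP-wrapped packet, the web server cannot understand it, so it does not reply to you.

2017.05.04 12:41:14 LOG3[84]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2017.05.04 12:41:14 LOG5[84]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

You can run HTTP or HTTPS through Stunnel, but only once you have your client and server set up. Below are sample configuration files for a Stunnel client and a Stunnel server; they create a Stunnel connection on port 8000 and allow the client to use port 9999 to access a web server running on port 9998 on the server.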
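
The handshake failure discussed in the answers above can be reproduced offline; this is an added example, not code from the question or either answer. The function names and the two sample replies are constructed for illustration, and the exact error name reported depends on the OpenSSL version in use.

```python
import ssl

# Constructed sample replies (not captured from the asker's machine): what a
# plain HTTP listener may send back after receiving a ClientHello, and the
# first bytes of a TLS record carrying a ServerHello.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_REPLY_PREFIX = bytes([0x16, 0x03, 0x03, 0x00, 0x4A, 0x02])

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a backend sends in response to a ClientHello."""
    # A TLS record starts with a content type (0x15 alert, 0x16 handshake)
    # followed by protocol major version 3.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-alert" if data[0] == 0x15 else "tls-handshake"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"

def client_handshake_result(reply: bytes) -> str:
    """Run a TLS client handshake in memory and feed it `reply` as the answer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # no certificate is exchanged in this demo
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="localhost")
    try:
        tls.do_handshake()           # writes the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass
    incoming.write(reply)            # the "server" answers
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        return "waiting for more data"
    except ssl.SSLError as exc:
        return "failed: " + (exc.reason or "TLS error")
    return "established"

def stunnel_mode_for_backend(reply: bytes) -> str:
    """Map the backend's reply to the stunnel `client` setting it calls for."""
    kind = classify_reply(reply)
    if kind == "plaintext-http":
        return "client = no"         # stunnel terminates TLS, forwards plaintext
    if kind.startswith("tls-"):
        return "client = yes"        # stunnel adds TLS towards a TLS server
    return "undetermined"

if __name__ == "__main__":
    print(classify_reply(PLAINTEXT_REPLY), "->", client_handshake_result(PLAINTEXT_REPLY))
```

A backend on port 80 that answers in plaintext is one that stunnel has to front in server mode, with its own certificate, rather than connect to as a TLS client.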
