0
我在Linux機器上安裝了RabbitMQ 3.6.6和Erlang 19.1。我遵循SSL指南(http://www.rabbitmq.com/ssl.html),可以讓Python客戶端連接,但不能連接.Net客戶端。爲什麼使用.Net客戶端與Erlang 19.1.1的RabbitMQ發生SSL握手失敗,但是沒有發生17.4 18.1和18.2的問題?
我已經嘗試使用Erlang(17.4 18.1和18.2)所有工作的相同的服務器配置。使用Erlang的19.1
詳細低於
Wireshark的客戶端請求
Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Hello Request, Hello Request
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 1278
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 748
Certificates Length: 745
Certificates (745 bytes)
Certificate Length: 742
Certificate: 308202e2308201caa003020102020102300d06092a864886... (id-at-organizationName=client,id-at-commonName=netclient)
signedCertificate
version: v3 (2)
serialNumber: 2
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=MyTestCA)
RDNSequence item: 1 item (id-at-commonName=MyTestCA)
RelativeDistinguishedName item (id-at-commonName=MyTestCA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: MyTestCA
validity
notBefore: utcTime (0)
utcTime: 16-12-03 19:56:24 (UTC)
notAfter: utcTime (0)
utcTime: 17-12-03 19:56:24 (UTC)
subject: rdnSequence (0)
rdnSequence: 2 items (id-at-organizationName=client,id-at-commonName=netclient)
RDNSequence item: 1 item (id-at-commonName=netclient)
RelativeDistinguishedName item (id-at-commonName=netclient)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: netclient
RDNSequence item: 1 item (id-at-organizationName=client)
RelativeDistinguishedName item (id-at-organizationName=client)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: client
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100b5007e702f32e3e8e307eb07296cf4...
modulus: 0x00b5007e702f32e3e8e307eb07296cf453581e5fa9c6c831...
publicExponent: 65537
extensions: 3 items
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
BasicConstraintsSyntax [0 length]
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
Padding: 7
KeyUsage: 80 (digitalSignature)
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..0. .... = keyEncipherment: False
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 1 item
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 91d59d73fd4fa59494031acf857a0bc94061715b63f9d14d...
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 258
RSA Encrypted PreMaster Secret
Encrypted PreMaster length: 256
Encrypted PreMaster: b6907639fa3c297cbbe91a80ca7394569354ba1c04ca9541...
Handshake Protocol: Certificate Verify
Handshake Type: Certificate Verify (15)
Length: 260
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature length: 256
Signature: 98730313f2cf8eaa47e3e574f0e090882735ec69f051374a...
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Hello Request
Handshake Type: Hello Request (0)
Length: 0
Handshake Protocol: Hello Request
Handshake Type: Hello Request (0)
Length: 0
Wireshark的服務器響應
Alert (Level: Fatal, Description: Handshake Failure)
我結束了剛剛與Erlang 18.2,但我不滿意這個解決方案。 –