gpt4 book ai didi

ssl - 发出验证自签名证书 : handshake_failure received

转载 作者:太空宇宙 更新时间:2023-11-03 14:42:15 25 4
gpt4 key购买 nike

我正在使用 quickfix 来验证服务器的证书并获得致命的 handshake_failure。

在我看来是这样的:

  • 初始握手开始

  • 客户端连接。

  • 服务器接受。

  • 在此期间发生 TLS 握手:

    o 密码套件协商成功。

    o 客户端验证服务器证书

    o 服务器任意关闭套接字。( SEND TLSv1 ALERT: warning, description = close_notify <-- 然而,这看起来像是一个干净的关闭。)

    o 客户端挂起

有人可以看一下吗?请。

Allow unsafe renegotiation: false 
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
%% No cached client session
..
..
*** ClientHello, TLSv1
RandomCookie: GMT: 1468991703 bytes = { 167, 140, 147, 81, 176, 169, 230, 45, 229, 147, 246, 106, 201, 127, 79, 194, 88, 63, 1, 91, 34, 184, 35, 49, 119, 31, 227, 157 }
..
..
ISocketConnector-0, WRITE: TLSv1 Handshake, length = 149
MINA session created for FIX.4.4:ZZZZZ->YYYY: local=/X.X.X.X:XXXXXX, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/XXX.XXX.XXX.XX:YYYYY [quickfix.mina.initiator.InitiatorIoHandler:50]
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
..
..
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
%% Initialized: [Session-1885, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 3224
*** Certificate chain
chain [0] = [
Version: V3
..
..
..
..

READ: TLSv1 Handshake, length = 14
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
..
..
CONNECTION KEYGEN:
Client Nonce:
..
..
Server Nonce:
..
..
Master Secret:
..
..
Client MAC write Secret:
..
..
Server MAC write Secret:
..
..
Client write key:
...
Server write key:
..
Client write IV:
..
Server write IV:
..
..
WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 85, 227, 34, 74, 171, 223, 226, 95, 232, 234, 118, 50 }

WRITE: TLSv1 Handshake, length = 48
READ: TLSv1 Alert, length = 2
RECV TLSv1 ALERT: fatal, handshake_failure
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
called closeOutbound()
closeOutboundInternal()
SEND TLSv1 ALERT: warning, description = close_notify
WRITE: TLSv1 Alert, length = 32
called closeInbound()
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
called closeOutbound()
closeOutboundInternal()

最佳答案

*** CertificateRequest 

服务器需要客户端证书,但客户端没有发送任何证书。因此,服务器会通过 handshake_failure 警报关闭连接。

关于ssl - 发出验证自签名证书 : handshake_failure received,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42128930/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com