Java error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/21135637/

Time: 2020-08-13 06:50:21  Source: igfitidea

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Tags: java, ssl, hadoop, openssl, cloudera

Asked by sgokhales

I'm currently trying to test the implemented changes for achieving security with Encrypted Shuffle in Cloudera Hadoop Environment.

I've created the certificates and keystores and kept them in appropriate locations.

I'm testing TaskTracker's HTTPS port of 50060.

When I do a curl on that port, I get the below error response.

ubuntu@node2:~$ curl -v -k "https://10.0.10.90:50060"
* About to connect() to 10.0.10.90 port 50060 (#0)
*   Trying 10.0.10.90... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

When I did check with the openssl client, I got the below response:

 ubuntu@node2:~$ openssl s_client -connect 10.0.10.90:50060
CONNECTED(00000003)
139749924464288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I'm not able to figure out what might be causing this issue.

Is there something that I'm missing?

PS: I've updated the ca-certificates.crt file and also kept the server .crt file under /usr/share/ca-certificates/mozilla

Answered by jww

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

It appears there is no SSL/TLS server listening on 10.0.10.90:50060. There is a server listening, it's just not SSL/TLS.

I can duplicate it when connecting to my gateway over port 80 (rather than 443).

$ openssl s_client -connect 192.168.1.1:80
CONNECTED(00000003)
140735109476828:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

And if you use the -debug flag, you will see the HTTP in the response that OpenSSL is trying to interpret as SSL/TLS protocol data:

$ openssl s_client -connect 192.168.1.1:80 -debug
CONNECTED(00000003)
write to 0x7fbf58422b90 [0x7fbf58811800] (348 bytes => 348 (0x15C))
0000 - 16 03 01 01 57 01 00 01-53 03 03 64 1d 01 29 f0   ....W...S..d..).
...
0150 - 03 02 01 02 02 02 03 00-0f 00 01 01               ............
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
140735203164636:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
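
The check described in the answer above, as an added example that is not part of the original answers: this Python code extracts the first bytes the server sent from an `openssl s_client -debug` dump and labels them as a TLS record or as plaintext. The function names and labels are assumptions made for this example; the sample input is the read block quoted above.

```python
import re

# Constructed sample: the "read from" block of the -debug dump quoted in the answer above.
DEBUG_OUTPUT = """\
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
"""

READ_HDR = re.compile(r"^read from \S+ \[\S+\] \(\d+ bytes => -?\d+")
# Hex column of a dump row: byte pairs separated by one space (or '-' mid-row).
HEX_ROW = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])*[0-9a-f]{2})")
TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}


def first_read_bytes(debug_text: str) -> bytes:
    """Return the bytes of the first 'read from' block in the dump."""
    data, in_read = bytearray(), False
    for line in debug_text.splitlines():
        if READ_HDR.match(line):
            if in_read:
                break  # a second read block starts: keep only the first
            in_read = True
        elif in_read:
            row = HEX_ROW.match(line)
            if not row:
                break  # end of the hex rows (error line, write block, ...)
            data += bytes.fromhex(row.group(1).replace("-", " "))
    return bytes(data)


def classify(data: bytes) -> str:
    """Label the peer's first bytes the way a TLS client has to judge them."""
    if not data:
        return "empty"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    # TLS record header: content type, then version bytes 0x03 0x00..0x04.
    if len(data) >= 3 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls-" + TLS_TYPES[data[0]]
    if all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in data):
        return "plaintext-other"
    return "unknown"


if __name__ == "__main__":
    reply = first_read_bytes(DEBUG_OUTPUT)
    print(reply, "->", classify(reply))
```

A "plaintext-http" result means the listener on that port is serving HTTP without TLS, so the fix is on the server's HTTPS configuration, not in the client's CA store.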

Answered by Mentat

To anyone that has this problem:

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol.

My issue was with curl using ipv6 by default instead of ipv4. The end server wasn't configured appropriately to respond to ipv6, thus the same issue statement was observed. Make sure curl is using ipv4 or your server can do ipv6.

Answered by Ankit Adlakha

I got this kind of error while running the Airflow web server service on https. By mistake I mentioned .key file path in property(key) file instead of .pem file path for enabling https.

Corrected the .pem file path instead of .key file path and working fine.
