Java SSL 错误:错误:1408F10B:SSL 例程:SSL3_GET_RECORD:禁用 ssl 和启用 TLS 时版本号错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29610075/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number error when disabling ssl and enabling TLS
提问by mahan07
I am trying to disable SSL on my tomcat and trying to send request for my app on TLS Port but I am getting the following Error:
我正在尝试在我的 tomcat 上禁用 SSL 并尝试在 TLS 端口上发送对我的应用程序的请求,但出现以下错误:
Failure in POSTing request to Manager: [SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
向管理器 POST 请求失败:[SSL 错误:错误:1408F10B:SSL 例程:SSL3_GET_RECORD:版本号错误]
Configuration I am using in server.xml is:
我在 server.xml 中使用的配置是:
<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="/opt/certs/server.keystore" keystorePass="123456"
truststoreFile="/opt/certs/server.truststore" truststorePass="123456"/>
Can anyone please tell me how should i run this on TLS?
谁能告诉我我应该如何在 TLS 上运行它?
The post request would be ulrencoded and would be somewhat like this after decoding https://:port//DataManager?a='1'?b='4'
发布请求将被 ulrencoded 解码后会有点像这样 https://:port//DataManager?a='1'?b='4'
The problem is it is working on SSLV3 but not on TLS,my question is do i need to add something extra on client side(Apache) which is on http and sending request to server(Tomcat) that is on HTTPS.
问题是它在 SSLV3 上工作但不在 TLS 上工作,我的问题是我是否需要在 http 上的客户端(Apache)上添加一些额外的东西,并将请求发送到 HTTPS 上的服务器(Tomcat)。
Result of running the command for checking TLSv1:
运行检查TLSv1命令的结果:
SSL handshake has read 2202 bytes and written 294 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 552BF0C890C7DEEDE02A2B1FB3FE7659DCD753C4458814A8104FF4EC8EEE65C5
Session-ID-ctx:
Master-Key: 2C482E9C0BEBF40CDDA378868A077391A387C94DA55ABC9997D1BB5139A1077D83364EED94DBE799CC82E8D46BC5FECB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1428943048
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
read from 0x83a0798 [0x83a7293] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 18 .....
read from 0x83a0798 [0x83a7298] (24 bytes => 24 (0x18))
0000 - 87 53 37 c9 d2 5d 44 6b-94 c3 80 bd 17 3e 31 39 .S7..]Dk.....>19
0010 - 53 ac 52 bc e0 3b 53 89- S.R..;S.
closed
write to 0x83a0798 [0x83ab7e3] (29 bytes => 29 (0x1D))
0000 - 15 03 01 00 18 49 10 83-df 10 45 43 d5 9a 39 8f .....I....EC..9.
0010 - de df ec 3d 8c 68 76 0f-67 ca a5 79 91 ...=.hv.g..y.
采纳答案by Steffen Ullrich
SSL-Session: Protocol : TLSv1
SSL-Session: Protocol : TLSv1
As you can see, it uses TLSv1 successfully.
如您所见,它成功地使用了 TLSv1。
Failure in POSTing request to State Manager: [SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
向状态管理器 POST 请求失败:[SSL 错误:错误:1408F10B:SSL 例程:SSL3_GET_RECORD:版本号错误]
Don't let the SSL3_GET_RECORDconfuse you. Since the record formats are same or similar functions with a name containing SSL3 get also used to process TLS data. It is not clear from your question what really is going on, but you might get this kind of message too if your application tries to do a TLSv12-only request against a server not supporting TLSv12.
不要让那些SSL3_GET_RECORD迷惑你。由于记录格式相同或相似的函数名称包含 SSL3,因此也用于处理 TLS 数据。从您的问题中不清楚到底发生了什么,但是如果您的应用程序尝试对不支持 TLSv12 的服务器执行仅 TLSv12 请求,您也可能会收到此类消息。
