財神娛樂首存即享優惠回饋唷~詳情請進👉

windows – 過錯配置stunnel服務器:`S卡利娛樂城評價SL3_GET_CLIENT_HELLO:錯

我正在
Windows XP上配置一個stunnel服務器,當客戶端測驗考試走訪時我失去了這個過錯:

2013.02.14 00:02:16 LOG7[8848:7664]: Service [https] accepted (FD=320) from 107.20.36.147:56160
2013.02.14 00:02:16 LOG7[8848:7664]: Creating a new thread
2013.02.14 00:02:16 LOG7[8848:7664]: New thread created
2013.02.14 00:02:16 LOG7[8848:9792]: Service [https] started
2013.02.14 00:02:16 LOG5[8848:9792]: Service [https] accepted connection from 107.20.36.147:56160
2013.02.14 00:02:16 LOG7[8848:9792]: SSL state (accept): before/accept initialization
2013.02.14 00:02:16 LOG7[8848:9792]: SSL alert (write): fatal: handshake failure
2013.02.14 00:02:16 LOG3[8848:9792]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2013.02.14 00:02:16 LOG5[8848:9792]: Connection reset: 0 byte(s) sent to SSL,0 byte(s) sent to socket
2013.02.14 00:02:16 LOG7[8848:9792]: Local socket (FD=320) closed
2013.02.14 00:02:16 LOG7[8848:9792]: Service [https] finished (0 left)

曉得該怎么辦嗎?我在網上望到,這可能象征著我的服務器正在宣揚它可以在SSL3中進行通訊,但究竟上它不克不及.若是這是真的,我想曉得若何辦理這個成績.我正在編纂stunnel.conf文件,但我不曉得要點竄它以辦理這個成績.
更新:
僅當Twilio客戶端(即Twilio的服務器)測驗考試走訪我的服務器時,才會顯示上述過錯新聞.當我測驗考試使用我的某臺計算機走訪我的服務器時,該頁面確鑿顯示,但在顯示內容后,Chrome會將該頁面顯示為“加載”約莫30秒,在此收場時,stunnel會顯示如下新聞:

transfer: s_poll_wait: TIMEOUTclose exceeded: closing

更新:
這是wireshark拿獲:https://gist.github.com/cool-RR/4963477
下限文件:https://dl.dropbox.com/u/1927707/wireshark.cap
請注重,服務器在端口8088上運轉.
更新:
這是服務器的日記(debug = 7):

2013.02.17 17:06:52 LOG7[7636:2092]: No limit detected for the number of clients
2013.02.17 17:06:52 LOG5[7636:2092]: stunnel 4.54 on x86-pc-msvc-1500 platform
2013.02.17 17:06:52 LOG5[7636:2092]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
2013.02.17 17:06:52 LOG5[7636:2092]: Thr捕魚達人簽到eading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
2013.02.17 17:06:52 LOG5[7636:2092]: Reading configuration from file stunnel.conf
2013.02.17 17:06:52 LOG5[7636:2092]: FIPS mode is enabled
2013.02.17 17:06:52 LOG7[7636:2092]: Compression not enabled
2013.02.17 17:06:52 LOG7[7636:2092]: Snagged 64 random bytes from C:\Documents and Settings\User/.rnd
2013.02.17 17:06:52 LOG7[7636:2092]: Wrote 1024 new random bytes to C:\Docume電競運彩分析nts and Settings\User/.rnd
2013.02.17 17:06:52 LOG7[7636:2092]: PRNG seeded successfully
2013.02.17 17:06:52 LOG6[7636:2092]: Initializing service [https]
2013.02.17 17:06:52 LOG7[7636:2092]: Certificate: G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Certificate loaded
2013.02.17 17:06:52 LOG7[7636:2092]: Key file: G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Private key loaded
2013.02.17 17:06:52 LOG7[7636:2092]: Could not load DH parameters from G:\Dropbox\StartSSL\SSL Cert.pem
2013.02.17 17:06:52 LOG7[7636:2092]: Using hardcoded DH parameters
2013.02.17 17:06:52 LOG7[7636:2092]: DH initialized with 2048-bit key
2013.02.17 17:06:52 LOG7[7636:2092]: ECDH initialized with curve prime256v1
2013.02.17 17:06:52 LOG7[7636:2092]: SSL options set: 0x03000004
2013.02.17 17:06:52 LOG5[7636:2092]: Configuration successful
2013.02.17 17:06:52 LOG7[7636:2092]: Service [https] (FD=268) bound to 0.0.0.0:8088
2013.02.17 17:07:08 LOG7[7636:2092]: Service [https] accepted (FD=320) from 54.242.25.199:45922
2013.02.17 17:07:08 LOG7[7636:2092]: Creating a new thread
2013.02.17 17:07:08 LOG7[7636:2092]: New thread created
2013.02.17 17:07:08 LOG7[7636:8004]: Service [https] started
2013.02捕魚達人下載.17 17:07:08 LOG5[7636:8004]: Service [https] accepted connection from 54.242.25.199:45922
2013.02.17 17:07:08 LOG7[7636:8004]: SSL state (accept): before/acc百家樂ept initialization
2013.02.17 17:07:08 LOG7[7636:8004]: SSL alert (write): fatal: handshake failure
2013.02.17 17:07:08 LOG3[7636:8004]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2013.02.17 17:07:08 LOG5[7636:8004]: Connection reset: 0 byte(s) sent to SSL,0 byte(s) sent to socket
2013.02.17 17:07:08 LOG7[7636:8004]: Local socket (FD=320) closed
2013.02.17 17:07:08 LOG7[7636:8004]: Service [https] finished (0 left)

更新:
Here’s my stunnel.conf file.

您應當進行收集拿獲并查望它被謝絕的緣故原由.還要反省兩個端點上的日記.增長stunnel conf中的調試級別.

您必要進行收集跟蹤以確定客戶端支撐的SSL協定版本.然后確保您的服務器也支撐該版本.

A client sends a ClientHello message specifying the highest TLS protocol version it supports,a random number,a list of suggested CipherSuites and suggested compression methods.

Source
請注重,因為從新商議中存在寧靜漏洞,幾年前SSL協定已經變動.無關SSL從新商議的信息,請參閱CVE-2009-3555以及this page
服務器相應:

Secure Sockets Layer
SSLv3 Record Layer: Alert (Level: Fatal,Description: Handshake Failure)
Content Type: Alert (21)
Version: SSL 3.0 (0x0300)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)

您必需反省SSL服務器上的日記,以查望它謝絕毗鄰的緣故原由.測驗考試在stunnel上啟用SSL調試:debug = 7.
stunnel服務器有options = NO_SSLv3,但客戶端正在測驗考試使用SSLv3進行毗鄰.您必要進級客戶端以支撐更新版本的SSL,或者者您必要變動stunnel539大樂透中獎號碼查詢設置以接收SSLv3.

【免責聲明】本站內容轉載自互聯網,其相關談吐僅代表作者小我私家概念盡非權勢巨子,不代表本站態度。如您發明內容存在版權成績,請提交相關鏈接至郵箱:,咱們將實時予以處置。