SSL握手失败:连接到TIBCO ActiveMatrix BusinessWorks 5.7.2时
SSL握手失败:连接到TIBCO ActiveMatrix BusinessWorks 5.7.2时
提问于 2020-02-11 06:37:40
版- TIBCO ActiveMatrix BusinessWorks 5.7.2
问题:
我是TIBCO服务器的消费者,SSL握手失败。我尝试了以下openssl命令,看看它是否可以接受连接。以下是我的研究结果:
openssl s_client -showcerts -connect tibco服务器:端口-verify 3 -tls1 -state
verify depth is 3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:unexpected_message
SSL_connect:failed in error
139827261306768:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:s3_pkt.c:1493:SSL alert number 10
139827261306768:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1581402078
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---但是,当我使用ssl3选项时,也是一样的。
openssl s_client -showcerts -connect tibco服务器:端口-verify 3 -ssl3 -state
verify depth is 3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = AU, ST = <state>, L = <location>, O = <org>, OU = <unit>, CN = <cn>
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = <state>, L = <location>, O = <org>, OU = <unit>, CN = <cn>
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
-----BEGIN CERTIFICATE-----
.....
.....
-----END CERTIFICATE-----
---
Server certificate
subject=...
issuer=...
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1779 bytes and written 362 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES128-SHA
Session-ID: 8BCEAEADC85613876FFF0E2EAB590A92
Session-ID-ctx:
Master-Key: <master-key-here>
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1581402661
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---我掩盖了一些输出数据。
对于为什么openssl可以通过ssl3而不是tls1.0连接TIBCO,有什么帮助吗?
回答 1
Stack Overflow用户
发布于 2020-02-12 00:40:58
此问题在TIBCO服务器的安全配置更改后得到解决。现在,客户端可以成功地与TIBCO服务器协商TLS1.0连接。
固定
将安全性改为j2se而不是委托
java.property.TIBCO_SECURITY_VENDOR=j2se
参考资料
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-38616 https://community.tibco.com/questions/tls-compatibility-tibco-bw
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/60163208
复制相关文章
相似问题
腾讯云开发者
