Linux

IPv6 工作正常,IPv4 引發 OpenSSL 錯誤

  • November 3, 2012

我正在建構一個網路伺服器(http://blog.linformattronics.nl/),它在 IPv4 和 IPv6 以及使用非 SSL 連接時都可以正常工作。但是,當我通過 https 連接到它時,IPv6 按預期工作,但 IPv4 連接會引發客戶端錯誤。IPv4/https 連接的伺服器端日誌為空。總結在一張表中:

    | http  | https
-----+-------+-------------------------------------------------------
IPv4 | works | OpenSSL error, failed. No server side logging.
-----+-------+-------------------------------------------------------
IPv6 | works | self signed certificate warning, but works as expected

顯然,甚至沒有設置 SSL 隧道,這導致 Apache 日誌為空。但是為什麼它在 IPv6 上執行良好而在 IPv4 上卻失敗了呢?我的問題是為什麼會拋出這個 OpenSSL 錯誤,我該如何解決?

以下是有關設置的一些額外資訊。


IPv6 https

用於重現 IPv6/https 行為的命令:

$ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl
--2012-11-03 15:46:48--  https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected.
WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost':
 Self-signed certificate encountered.
   WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'.
HTTP request sent, awaiting response... 200 OK
Length: 4556 (4.4K) [text/html]
Saving to: `/dev/null'

100%[=======================================================================>] 4,556       --.-K/s   in 0s      

2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556]

IPv4 https

用於重現 IPv6/https 行為的命令:

$ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl
--2012-11-03 15:47:28--  https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

筆記

  • 我在 Ubuntu 伺服器 12.04.1 LTS

您有一些嚴重的防火牆/NAT 配置錯誤。您實際上並沒有在埠 443 上執行 Web 伺服器…

$ telnet 82.95.251.247 443
Trying 82.95.251.247...
Connected to 82.95.251.247.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1

而且您的 IPv6 服務似乎被防火牆關閉了……

$ telnet 2001:980:1b7f:1:a00:27ff:fea6:a2e7 443
Trying 2001:980:1b7f:1:a00:27ff:fea6:a2e7...
telnet: connect to address 2001:980:1b7f:1:a00:27ff:fea6:a2e7: Permission denied

修復您的防火牆和/或錯誤埠服務問題,您應該會發現一切正常。

引用自:https://serverfault.com/questions/445081