Linux
IPv6 工作正常,IPv4 引發 OpenSSL 錯誤
我正在建構一個網路伺服器(http://blog.linformattronics.nl/),它在 IPv4 和 IPv6 以及使用非 SSL 連接時都可以正常工作。但是,當我通過 https 連接到它時,IPv6 按預期工作,但 IPv4 連接會引發客戶端錯誤。IPv4/https 連接的伺服器端日誌為空。總結在一張表中:
| http | https -----+-------+------------------------------------------------------- IPv4 | works | OpenSSL error, failed. No server side logging. -----+-------+------------------------------------------------------- IPv6 | works | self signed certificate warning, but works as expected
顯然,甚至沒有設置 SSL 隧道,這導致 Apache 日誌為空。但是為什麼它在 IPv6 上執行良好而在 IPv4 上卻失敗了呢?我的問題是為什麼會拋出這個 OpenSSL 錯誤,我該如何解決?
以下是有關設置的一些額外資訊。
IPv6 https
用於重現 IPv6/https 行為的命令:
$ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl --2012-11-03 15:46:48-- https://blog.linformatronics.nl/ Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7 Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected. WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost': Self-signed certificate encountered. WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'. HTTP request sent, awaiting response... 200 OK Length: 4556 (4.4K) [text/html] Saving to: `/dev/null' 100%[=======================================================================>] 4,556 --.-K/s in 0s 2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556]
IPv4 https
用於重現 IPv6/https 行為的命令:
$ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl --2012-11-03 15:47:28-- https://blog.linformatronics.nl/ Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247 Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected. OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Unable to establish SSL connection.
筆記
- 我在 Ubuntu 伺服器 12.04.1 LTS
您有一些嚴重的防火牆/NAT 配置錯誤。您實際上並沒有在埠 443 上執行 Web 伺服器…
$ telnet 82.95.251.247 443 Trying 82.95.251.247... Connected to 82.95.251.247. Escape character is '^]'. SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
而且您的 IPv6 服務似乎被防火牆關閉了……
$ telnet 2001:980:1b7f:1:a00:27ff:fea6:a2e7 443 Trying 2001:980:1b7f:1:a00:27ff:fea6:a2e7... telnet: connect to address 2001:980:1b7f:1:a00:27ff:fea6:a2e7: Permission denied
修復您的防火牆和/或錯誤埠服務問題,您應該會發現一切正常。