我正在尝试使用Tomcat 7 + SSL从一个在AWS中的服务器(A)连接到另一个在AWS中的服务器(B)。
服务器A:
- Ubuntu 14.04
- OpenSSL 1.0.1f
服务器B:
- Ubuntu 13.04
- Tomcat 7
- OpenSSL 1.0.1c
- SSL证书
我正在服务器A上尝试以下命令:
curl https://Server.B -v
我遇到了以下异常:
* Connection #0 to host test.salespredict.com left intact
yakirm@ip-10-214-10-178:~$ curl https://Server.B.com -v
* Rebuilt URL to: https://Server.B.com/
* Hostname was NOT found in DNS cache
* Trying 54.245.81.*...
* Connected to Server.B.com (54.245.81.*) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to Server.B.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to Server.B.com:443
我尝试使用OpenSSL进行检查
openssl s_client -connect Server.B.Address:443
我得到了以下结果:
CONNECTED(00000003)
140284858304160:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
如果我正在尝试从我的电脑(OS X Mavericks)连接,curl 命令可以成功,但 openssl 命令返回相同的结果。
顺便说一下:
如果我尝试:
curl https://Server.B -v -ssl3
这是从A服务器工作,但我不想指定SSL协议。
编辑
B服务器 - Tomcat配置:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="true" maxThreads="200" port="443" keystoreFile="/var/lib/tomcat7/conf/Path/Path_keystore" keystorePass="******" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />