SSL错误:错误:1408F10B:SSL例程:SSL3_GET_RECORD:禁用ssl和启用TLS时版本号错误
[英]SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number error when disabling ssl and enabling TLS
问题描述
I am trying to disable SSL on my tomcat and trying to send request for my app on TLS Port but I am getting the following Error: 
我试图在tomcat上禁用SSL,并尝试在TLS端口上发送对我的应用程序的请求,但出现以下错误:
Failure in POSTing request to Manager: [SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number] 向管理器发布请求失败:[SSL错误:错误:1408F10B:SSL例程:SSL3_GET_RECORD:版本号错误]
Configuration I am using in server.xml is: 我在server.xml中使用的配置是:
<Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="/opt/certs/server.keystore" keystorePass="123456"
truststoreFile="/opt/certs/server.truststore" truststorePass="123456"/>
Can anyone please tell me how should i run this on TLS? 谁能告诉我如何在TLS上运行它?
The post request would be ulrencoded and would be somewhat like this after decoding https://:port//DataManager?a='1'?b='4' 发布请求将经过ulrencode编码,并在解码https://:port // DataManager?a ='1'?b ='4'后有点类似
The problem is it is working on SSLV3 but not on TLS,my question is do i need to add something extra on client side(Apache) which is on http and sending request to server(Tomcat) that is on HTTPS. 问题是它正在SSLV3上运行,但不能在TLS上运行,我的问题是我是否需要在HTTP的客户端(Apache)上添加一些额外的东西,并向HTTPS的server(Tomcat)发送请求。
Result of running the command for checking TLSv1: 运行用于检查TLSv1的命令的结果:
SSL handshake has read 2202 bytes and written 294 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 552BF0C890C7DEEDE02A2B1FB3FE7659DCD753C4458814A8104FF4EC8EEE65C5
Session-ID-ctx:
Master-Key: 2C482E9C0BEBF40CDDA378868A077391A387C94DA55ABC9997D1BB5139A1077D83364EED94DBE799CC82E8D46BC5FECB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1428943048
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
read from 0x83a0798 [0x83a7293] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 18 .....
read from 0x83a0798 [0x83a7298] (24 bytes => 24 (0x18))
0000 - 87 53 37 c9 d2 5d 44 6b-94 c3 80 bd 17 3e 31 39 .S7..]Dk.....>19
0010 - 53 ac 52 bc e0 3b 53 89- S.R..;S.
closed
write to 0x83a0798 [0x83ab7e3] (29 bytes => 29 (0x1D))
0000 - 15 03 01 00 18 49 10 83-df 10 45 43 d5 9a 39 8f .....I....EC..9.
0010 - de df ec 3d 8c 68 76 0f-67 ca a5 79 91 ...=.hv.g..y.
1 个解决方案
解决方案1
0 已采纳 2015-04-13 18:21:05
SSL-Session: Protocol : TLSv1
As you can see, it uses TLSv1 successfully. 如您所见,它成功使用了TLSv1。
Failure in POSTing request to State Manager: [SSL Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number]
Don't let the SSL3_GET_RECORD confuse you. 不要让SSL3_GET_RECORD混淆您。 Since the record formats are same or similar functions with a name containing SSL3 get also used to process TLS data. 由于记录格式是相同或相似的,但名称中包含SSL3的函数也可以用于处理TLS数据。 It is not clear from your question what really is going on, but you might get this kind of message too if your application tries to do a TLSv12-only request against a server not supporting TLSv12. 从您的问题尚不清楚到底发生了什么,但是如果您的应用程序尝试对不支持TLSv12的服务器发出仅TLSv12的请求,您也可能会收到这种消息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.