
SSL handshake fail on IOS only

I'm developing an app using Cordova (5.2.0). On Mac I'm using Xcode 6.4 to generate the .ipa.

At some point I initialize a secure websocket connection (certificates are not self-signed, length is 2048) like this in JS:

socket_ip = new WebSocket("wss://perform.domain.com:8080", "image-processing-protocol");

The connection is working on Android and also from desktop browser (Safari too).

However, from my iPhone (8.4) I got a:

CFNetwork SSLHandshake failed (-9807) which means "Invalid certificate chain"

On server side the message I got is:

error:00000005:lib(0):func(0):DH

My server configuration is:

  • info.ssl_cert_filepath = "sslCertificates/myCert.cer";
  • info.ssl_private_key_filepath ="sslCertificates/myCert";
  • info.ssl_ca_filepath ="sslCertificates/GlobalSignRootCA.cer"
  • info.ssl_cipher_list ="RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5"

Looks like my issue is similar to openssl-ssl-accept-error-5. I then tried to set up a cipher list without DH but I still got the error. I am probably missing something to configure on my libsocket server.

As long as I'm using a commercial certificate and it's working with other devices I don't understand why the connection with IOS failed.

Any help would be much appreciated, thanks!

Do you also need to add the intermediate certificate for GlobalSignRootCA?

I did the checks as Steffen suggested. Solution was to set elliptic curve Diffie-Hellman protocol up within libwebsocket.

Thanks for your help.
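
Added example, not part of the original question or answer: a Python client-side check that offers one key-exchange family at a time (ECDHE, DHE, static RSA) over TLS 1.2 and reports which handshakes the server completes, which helps narrow down a missing ECDH setup like the one named in the answer. The names `probe` and `KX_FAMILIES` are chosen here for illustration; host and port are taken from the command line.

```python
import socket
import ssl
import sys

# OpenSSL cipher-string selectors, one key-exchange family each
# (table and names are assumptions made for this example).
KX_FAMILIES = {
    "ECDHE": "EECDH",  # ephemeral elliptic-curve Diffie-Hellman
    "DHE": "EDH",      # ephemeral finite-field Diffie-Hellman
    "RSA": "kRSA",     # static RSA key exchange, no forward secrecy
}


def probe(host, port, timeout=5.0):
    """Offer one key-exchange family per handshake; return {family: outcome}."""
    results = {}
    for family, selector in KX_FAMILIES.items():
        ctx = ssl.create_default_context()  # chain and hostname are verified
        # TLS 1.3 suites are not controlled by set_ciphers(), so cap at 1.2.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            ctx.set_ciphers(selector)
        except ssl.SSLError:
            # The local OpenSSL build has no suite in this family.
            results[family] = "skipped: not available in local OpenSSL"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[family] = "ok: " + tls.cipher()[0]
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            reason = getattr(exc, "reason", None) or type(exc).__name__
            results[family] = "failed: " + reason
    return results


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT
    for family, outcome in probe(sys.argv[1], int(sys.argv[2])).items():
        print(f"{family:6} {outcome}")
```

A certificate-chain problem shows up as the same verification failure in every family, while a key-exchange configuration gap shows up as a failure in one family only.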
