"tlsv1警报内部错误";握手期间 [英] "tlsv1 alert internal error" during handshake
问题描述
我有一个检查URL可用性的PHP脚本(基本上,当可以在浏览器中打开URL时,该脚本应该为给定的URL返回true,反之亦然).我偶然发现了一个URL: https://thepiratebay.gd/.可以在浏览器中正确打开此URL,但是fsockopen()只会失败,并出现SSL握手错误.在PHP中调试fsockopen()的选项并不多,但是在深入研究它的同时,我发现我也无法连接到 https://使用控制台openssl客户端thepiratebay.gd/:
I have a PHP script that checks URLs availability (basically, the script should return true for a given URL when the URL could be opened in browser and vice versa). There is an URL I stumbled upon: https://thepiratebay.gd/. This URL could be correctly opened in browser, but fsockopen() just fails with the SSL handshake errors. There are not many options for debugging fsockopen() in PHP, but while digging more into it, I found that I am also not able to connect to https://thepiratebay.gd/ using console openssl client:
openssl s_client -connect thepiratebay.gd:443
CONNECTED(00000003)
39613:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s23_clnt.c:602:
该网站似乎可以使用网络浏览器或curl打开,但是我无法找到通过openssl连接到该网站的方法.显然,服务器使用带有ECDHE-ECDSA-AES128-GCM-SHA256密码的TLS 1.2,但是即使我为openssl强制使用TLS 1.2,它仍然会失败:
This website seem to open fine using web browser or curl, however, I was not able to find a way to connect to it via openssl. Apparently, the server uses TLS 1.2 with ECDHE-ECDSA-AES128-GCM-SHA256 cipher, but even when I force those for openssl, it still fails:
openssl s_client -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -connect thepiratebay.gd:443 -tls1_2
CONNECTED(00000003)
140735195829088:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1256:SSL alert number 80
140735195829088:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1432931347
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
我尝试了各种openssl版本:0.9.8y,1.0.1g和最新的0.9.8zf和1.0.2a.我也尝试过至少在5台服务器(CentOS,Debian,OSX)上运行它,但是没有运气.
I've tried various openssl versions: 0.9.8y, 1.0.1g, and the most recent 0.9.8zf and 1.0.2a. I've also tried to run this on at least 5 servers (CentOS, Debian, OSX) with no luck.
其他网站似乎都处理得很好,这是一个成功的握手输出示例:
Every other website seem to be handled fine, here is an example of a successful handshake output:
openssl s_client -connect stackoverflow.com:443 -tls1
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=NY/L=New York/O=Stack Exchange, Inc./CN=*.stackexchange.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgIQCn1PE//Ffo4Be8tPBlsAZDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xMzEwMjIxMjAwMDFaFw0xNjA3MDYxMjAwMDBa
MGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsx
<---skipped few lines--->
qOHCjaUIx7vKszN4cqbvyry/NdxYkPCC7S8Eks8NjSyppzRL79tU0Yr1MUhVEd6h
GjB2qDwvAGqyWmLz1Q/l82lZbXyBF26DVTJ3RFRUzzieyzKucaVgohI7HC2yyJ9Y
AsE7wvVK4odQI3fRjOsLRaXjFtpiaor0rERUxM4mg7jj05leRBkSazNjv2xvCL5/
Qqm5PN666tREQwvgvXZgg+ZlKWkFyOq6X3THstM6CC8DTGED0cb94WPQA4YTp9OQ
rS3+OedQN+Nlu80Sk8Y=
-----END CERTIFICATE-----
subject=/C=US/ST=NY/L=New York/O=Stack Exchange, Inc./CN=*.stackexchange.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3956 bytes and written 426 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES128-SHA
Session-ID: 2E38670F2CABEF3D65FAC67DB6D2E00DBACA4519E50B463D57FCFF8410640BF5
Session-ID-ctx:
Master-Key: 4C63E5502FF7DD36853048E775435A76CB1FDEB37104D6714B1C37D89482D8111B93574D2B3D7F38A1EEFF85D69F9F54
Key-Arg : None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 39 a8 c2 5f c5 15 04 b3-20 34 af fe 20 8e 4d 6c 9.._.... 4.. .Ml
0010 - 6e 63 f1 e3 45 fd 2a 2c-d9 3c 0d ac 11 ab c0 c9 nc..E.*,.<......
0020 - ce 51 19 89 13 49 53 a0-af 87 89 b0 5d e2 c5 92 .Q...IS.....]...
0030 - af e5 84 28 03 4e 1e 98-4c a7 03 d5 5f fc 15 69 ...(.N..L..._..i
0040 - 7c 83 d2 98 7d 42 50 31-30 00 d7 a8 3c 85 88 a7 |...}BP10...<...
0050 - cd c0 bb 45 c8 12 b1 c8-4b 76 3c 41 5e 47 04 b5 ...E....Kv<A^G..
0060 - 60 67 22 76 60 bb 44 f3-4b 3d 3d 99 af 0e dd 0d `g"v`.D.K==.....
0070 - 13 95 db 94 90 c2 0f 47-26 04 65 6b 71 b2 f8 1c .......G&.ekq...
0080 - 31 95 82 8b 00 38 59 08-1e 84 80 dc da 04 5c f0 1....8Y.......\.
0090 - ae cc 2b ac 55 0f 39 59-0b 39 7d c7 16 b9 60 ef ..+.U.9Y.9}...`.
Start Time: 1432930782
Timeout : 7200 (sec)
Verify return code: 0 (ok)
很难相信所有这些openssl版本都具有相同的错误,因此我认为我做错了什么.
It is hard to believe that all these openssl versions have the same bug, so I'm thinking that I'm doing something wrong.
任何人都可以建议如何使用openssl连接到该特定网站吗?
Can anyone advice how to connect to this particular website using openssl?
推荐答案
这两个是不好的组合:
-cipher ECDHE-ECDSA-AES128-GCM-SHA256
并且:
error:/SourceCache/OpenSSL098/OpenSSL098-50/src/ssl/s23_clnt.c
OpenSSL 0.9.8没有完全的EC支持.而且它不支持TLS 1.1或1.2.要获得AEAD密码套件,您需要使用TLS 1.2.这意味着您需要OpenSSL 1.0.0或更高版本(IIRC).
OpenSSL 0.9.8 does not have full EC support. And it does not support TLS 1.1 or 1.2. To get the AEAD cipher suites, you need to use TLS 1.2. That means you need OpenSSL 1.0.0 or above (IIRC).
OpenSSL 1.0.1和1.0.2拥有它们,因此使用这些版本可能更好.
OpenSSL 1.0.1 and 1.0.2 have them, so its probably better to use those versions.
openssl s_client -connect thepiratebay.gd:443 ...
您要查找的命令是:openssl s_client -connect thepiratebay.gd:443 -tls1_2 -servername thepiratebay.gd -CAfile XXX. -servername征募SNI.
The command you are looking for is: openssl s_client -connect thepiratebay.gd:443 -tls1_2 -servername thepiratebay.gd -CAfile XXX. -servername enlists SNI.
当我访问该站点时,该服务器已通过 AddTrust外部CA Root 认证.当您访问该网站时,该网站已通过 DigiCert高保证EV根CA 认证.当您再次访问该网站时,该网站已通过 COMODO ECC证书颁发机构进行了认证.
When I hit the site, the server was certified by AddTrust External CA Root. When you hit the site, it was certified by DigiCert High Assurance EV Root CA. And when you hit the site again, it was certified by COMODO ECC Certification Authority.
不同的CA和配置与负载均衡器后面的分布式站点进行通信,每个参与的Web服务器的配置略有不同.
The different CAs and configurations speak to a distributed site behind a load balancer, with each participating web server in a slightly different configuration.
除了多个Web服务器和配置外,某些Web服务器本身也配置不正确.它们配置错误,因为它们没有发送构建验证路径所需的链.
In addition to multiple web servers and configurations, some of the web servers themselves are misconfigured. They are misconfigured because they do not send the chain required to build a path for validation.
该链应包括(1)服务器证书; (2)形成到根"的链的从属CA或中间体.对于(2),可能有一种或多种中间体.
The chain should include (1) the server certificate; (2) Subordinate CAs or intermediates that form the chain to the "root". For (2), there may be one or more intermediates.
该链不应包含根.您必须具有根,并且必须是根.
The chain should not include the root. You have to have the root, and it must be trusted.
该网站似乎可以使用网络浏览器或curl打开,但是我无法找到通过openssl连接该网站的方法...
This website seem to open fine using web browser or curl, however, I was not able to find a way to connect to it via openssl...
这是因为由于Web服务器配置错误,浏览器会携带数百个根CA和从属CA列表:)该列表包括 AddTrust外部CA根, DigiCert高保证EV根CA 和 COMODO ECC根证书颁发机构.
This is because the browsers carry around a list of hundreds of Root CAs and Subordinate CAs due to web server misconfigurations :) The list includes AddTrust External CA Root, DigiCert High Assurance EV Root CA, and COMODO ECC Root Certificate Authority.
任何人都可以建议如何使用openssl连接到该特定网站吗?
Can anyone advice how to connect to this particular website using openssl?
好,对于OpenSSL命令,您应该使用-CAfile.通常,您只需要使用openssl s_client -connect ... -CAfile DigiCertHighAssuranceEVRootCA.crt之类的东西(对于通过 DigiCert高保证EV根CA 认证的服务器).但这在这种情况下是行不通的.
OK, for the OpenSSL command, you should use -CAfile. Usually, you just use something like openssl s_client -connect ... -CAfile DigiCertHighAssuranceEVRootCA.crt (for the server certified with DigiCert High Assurance EV Root CA). But that won't work in this case.
您必须使用所需的根CA和从属CA创建一个文件.该文件应是构建验证服务器证书路径所需的PEM格式的根CA和从属CA的串联.看来至少需要3或4个证书.
You have to create a single file with the required Root and Subordinate CAs. The file should be a concatenation of the Root CAs and Subordinate CAs in PEM format required to build a path to validate the server certificate. It looks like it will need at least 3 or 4 certificates.
或者,您可以放弃构建自己的文件,而使用类似 cacert.pem .但是使用CA Zoo会有一些风险(我对他们的深情称呼).有关某些风险,请参见 cacert.pem是否是我的计算机所独有的?.
Or, you could forgo building you own file, and use something like cacert.pem. But there is some risk in using the CA Zoo (my affectionate term for them). For some of the risks, see Is cacert.pem unique to my computer?.
以编程方式,您将在OpenSSL中使用 SSL_CTX_load_verify_locations .串联的PEM文件通过CAfile传递.
Programmatically, you would use SSL_CTX_load_verify_locations in OpenSSL. The concatenated PEM file is passed though CAfile.
我不确定您将在PHP中使用什么.
I'm not sure what you would use in PHP.
相关的 cacert.pem 有155个根和下属.其中大多数不需要认证站点thepiratebay.gd:
$ cat cacert.pem | grep BEGIN | wc -l
155
因此,您希望将CAfile限制为仅用于认证站点的那些原因.
Hence the reason you want to restrict your CAfile to only those necessary to certify the site.
(评论)不确定这是否是正确的线程,但是现在我想知道是否有一种方法可以以编程方式跳过这些检查中的一些以减少假阴性的数量...
(comment) Not sure this is the correct thread to ask, but now I wonder if there is a way to skip some of these checks programmatically to reduce number of false negatives...
我可能不放弃支票.既然您了解了正在发生的事情,那么使用该系统而不是放弃它应该会更容易.
I would probably not forgo the checks. Now that you understand what's going on, it should be easier to work with the system rather than abandoning it.
要重申,可以:
-
仅使用必要的根CA和下属CA
Use only necessary Root and Subordinate CAs
- 您构建它,将PEM证书串联起来
- 创建文件
piratebay-certs.pem - 添加必要的CA
使用具有预定义的受信任的根和从属CA的CA Zoo
Use a CA Zoo with predifined trusted Root and Subordinate CAs
- 您下载了
-
cacert.pem
第三个选项是让站点修复其Web服务器配置.但是,如果到现在还没有发生,它可能不会发生. (这可能是一项设计决定-该站点可能使用多个CA,以确保没有一个CA可以对该站点进行DoS.但这不能解决不完整的链.)
The third option is to get the site to fix its web server configurations. But if it has not happened by now, it probably won't happen. (And it could be a design decision - the site may be using multiple CAs to ensure no one CA can DoS the site. But that does not address the incomplete chain).
更一般的观察结果:
我有一个检查URL可用性的PHP脚本(基本上,当可以在浏览器中打开该URL时,该脚本应该对给定的URL返回true,反之亦然
I have a PHP script that checks URLs availability (basically, the script should return true for a given URL when the URL could be opened in browser and vice versa
尤其是在检查随机URL时,远离piratebay.gd可能需要使用cacert.pem.那是因为随机抽样的100万个站点可能会全部使用它们.
Moving away from piratebay.gd in particular to checking random URLs, you will probably have to use cacert.pem. That's because a random sample of 1 million sites will likely use all of them.
如果piratebay.gd仍然失败,则找出cacert.pem中缺少的内容,然后:
If piratebay.gd still fails, then find out what is missing from cacert.pem, and then:
cat cacert.pem > my-expanded-cacert.pem
cat missing-cert.pem >> my-expanded-cacert.pem
这篇关于"tlsv1警报内部错误";握手期间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
