错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议 [英] error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

问题描述

我目前正在尝试测试已实现的更改，以在Cloudera Hadoop环境中使用Encrypted Shuffle实现安全性.

I'm currently trying to test the implemented changes for achieving security with Encrypted Shuffle in Cloudera Hadoop Environment.

我已经创建了证书和密钥库，并将它们保存在适当的位置.

I've created the certificates and keystores and kept them in appropriate locations.

我正在测试TaskTracker的HTTPS端口50060.

I'm testing TaskTracker's HTTPS port of 50060.

当我在该端口上卷曲时，我得到的错误响应以下.

When I do a curl on that port, I get below error response.

ubuntu@node2:~$ curl -v -k "https://10.0.10.90:50060"
* About to connect() to 10.0.10.90 port 50060 (#0)
*   Trying 10.0.10.90... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

当我与开放的ssl客户端进行检查时，我得到了以下答复

When I did check with open ssl client, i got below response

 ubuntu@node2:~$ openssl s_client -connect 10.0.10.90:50060
CONNECTED(00000003)
139749924464288:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

我无法弄清楚是什么原因导致了此问题?

I'm not able to figure out what might be causing this issue ?

有什么我想念的吗?

PS:我已经更新了ca-certificates.crt文件，并将服务器.crt文件保留在/usr/share/ca-certificates/mozilla

PS : I've updated the ca-certificates.crt file and also kept the server .crt file under /usr/share/ca-certificates/mozilla

推荐答案

错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

似乎没有SSL/TLS服务器在10.0.10.90:50060上侦听.有一个服务器正在监听，但不是SSL/TLS.

It appears there is no SSL/TLS server listening on 10.0.10.90:50060. There is a server listening, its just not SSL/TLS.

通过端口80(而不是443)连接到网关时，我可以复制它.

I can duplicate it when connecting to my gateway over port 80 (rather than 443).

$ openssl s_client -connect 192.168.1.1:80
CONNECTED(00000003)
140735109476828:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:787:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

如果使用-debug标志，则在OpenSSL试图将其解释为SSL/TLS协议数据的响应中，您将看到HTTP:

And if you use the -debug flag, you will see the HTTP in the response that OpenSSL is trying to interpret as SSL/TLS protocol data:

$ openssl s_client -connect 192.168.1.1:80 -debug
CONNECTED(00000003)
write to 0x7fbf58422b90 [0x7fbf58811800] (348 bytes => 348 (0x15C))
0000 - 16 03 01 01 57 01 00 01-53 03 03 64 1d 01 29 f0   ....W...S..d..).
...
0150 - 03 02 01 02 02 02 03 00-0f 00 01 01               ............
read from 0x7fbf58422b90 [0x7fbf58816e00] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e                              HTTP/1.
140735203164636:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:

这篇关于错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！