如何静默调试 Safari 无法连接到安全的 WebSocket [英] How to debug Safari silently failing to connect to a secure WebSocket

查看:47
本文介绍了如何静默调试 Safari 无法连接到安全的 WebSocket的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当做 new WebSocket('ws://server/'); Safari 连接正常,但当使用 new WebSocket('wss://server/');code> 它完全失败(返回一个 null 对象).更糟糕的是,它默默地失败了 - 回溯(自定义 Eventlet 网络服务器)或 Safari 中的错误控制台中没有错误.

When doing new WebSocket('ws://server/'); Safari connects fine, but when using new WebSocket('wss://server/'); it completely fails (returns a null object). Worse, it fails silently - no errors in traceback (a custom Eventlet web server) or in the error console within Safari.

Chrome 在安全和非安全主机上都能正常工作.

Chrome works fine with both the secure and non-secure host.

我将如何调试或修复此问题?Google 的信息非常匮乏.

How would I go about debugging or fixing this? Google is very short on information.

这里是运行 OpenSSL 代替 WebSockets 服务器的一些回溯,看看会发生什么.首先,这是 Chrome 的(确实有效)调试输出:

Here is some traceback from running OpenSSL in place of the WebSockets server and seeing what happens. Firstly, here's Chrome's (which does work) debug output:

Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:unknown state
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
GIBBERISH HERE
-----END SSL SESSION PARAMETERS-----
Shared ciphers:CIPHERS_HERE
CIPHER is REDACTED
Secure Renegotiation IS supported
GET / HTTP/1.1
Upgrade: WebSocket
Connection: Upgrade
Host: live.redacted.com:8443
Origin: http://redacted.com
Sec-WebSocket-Key1: 1 [ B l wA 3 e60   d9[  n0!>8384
Sec-WebSocket-Key2: 2 5  1  7p 17 64 3 9
Cookie: __key=value

这里是 Safari 的(不起作用):

and here's Safari's (which doesn't work):

ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED

所以我认为 Safari 的证书存在问题,但在使用常规 HTTP 时不会显示.

So I think Safari has an issue with our certificates—but one it doesn't reveal when using regular HTTP.

推荐答案

系统管理员摆弄了一个修复程序:默认情况下将 OpenSSL 设置为 SSLv3 会杀死 Safari,但让它选择自己的 SSL 版本(all) 工作正常.

Sysadmin fiddling has revealed a fix: setting OpenSSL to SSLv3 by default kills Safari, but letting it pick its own SSL version (all) works fine.

这篇关于如何静默调试 Safari 无法连接到安全的 WebSocket的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
前端开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆