如何静默调试 Safari 无法连接到安全的 WebSocket [英] How to debug Safari silently failing to connect to a secure WebSocket
问题描述
当做 new WebSocket('ws://server/');
Safari 连接正常,但当使用 new WebSocket('wss://server/');
code> 它完全失败(返回一个 null
对象).更糟糕的是,它默默地失败了 - 回溯(自定义 Eventlet 网络服务器)或 Safari 中的错误控制台中没有错误.
When doing new WebSocket('ws://server/');
Safari connects fine, but when using new WebSocket('wss://server/');
it completely fails (returns a null
object). Worse, it fails silently - no errors in traceback (a custom Eventlet web server) or in the error console within Safari.
Chrome 在安全和非安全主机上都能正常工作.
Chrome works fine with both the secure and non-secure host.
我将如何调试或修复此问题?Google 的信息非常匮乏.
How would I go about debugging or fixing this? Google is very short on information.
这里是运行 OpenSSL 代替 WebSockets 服务器的一些回溯,看看会发生什么.首先,这是 Chrome 的(确实有效)调试输出:
Here is some traceback from running OpenSSL in place of the WebSockets server and seeing what happens. Firstly, here's Chrome's (which does work) debug output:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:unknown state
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
GIBBERISH HERE
-----END SSL SESSION PARAMETERS-----
Shared ciphers:CIPHERS_HERE
CIPHER is REDACTED
Secure Renegotiation IS supported
GET / HTTP/1.1
Upgrade: WebSocket
Connection: Upgrade
Host: live.redacted.com:8443
Origin: http://redacted.com
Sec-WebSocket-Key1: 1 [ B l wA 3 e60 d9[ n0!>8384
Sec-WebSocket-Key2: 2 5 1 7p 17 64 3 9
Cookie: __key=value
这里是 Safari 的(不起作用):
and here's Safari's (which doesn't work):
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED
所以我认为 Safari 的证书存在问题,但在使用常规 HTTP 时不会显示.
So I think Safari has an issue with our certificates—but one it doesn't reveal when using regular HTTP.
推荐答案
系统管理员摆弄了一个修复程序:默认情况下将 OpenSSL 设置为 SSLv3
会杀死 Safari,但让它选择自己的 SSL 版本(all
) 工作正常.
Sysadmin fiddling has revealed a fix: setting OpenSSL to SSLv3
by default kills Safari, but letting it pick its own SSL version (all
) works fine.
这篇关于如何静默调试 Safari 无法连接到安全的 WebSocket的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!