OpenSSL errno 10054，连接被拒绝，同时尝试连接到我们的服务器 [英] OpenSSL errno 10054,connection refused, whilst trying to connect to our server

问题描述

我们通过https运行git服务器，并且没有任何连接问题，因为我们都使用visual studio来这样做。现在有人想使用标准的git bash，它无法连接到下面的错误输出。

 致命：无法访问' https：//server/Repo.git/'：连接到服务器的未知SSL协议错误：443 
  

我尝试了一些不同的密码套件，没有任何工作。然后它告诉我，这可能是git不支持ECDSA证书。所以我将ECDSA证书换成了RSA证书。然后，我尝试使用以下命令与OpenSSL s_client连接：

 的OpenSSL> s_client -connect server：443 
  

这是运行命令的输出：

  CONNECTED（0000018C）
写入：errno = 10054 
 --- 
无对等证书可用
 --- 
未发送客户端证书CA名称
 --- 
 SSL握手已读取0个字节并写入307个字节
 --- 
新建，（NONE） ，密码是（NONE）
不支持安全重新协商
压缩：NONE 
扩展：NONE 
 --- 
  

我搜索了谷歌错误号 10054 ，发现它意味着连接被拒绝。我们使用IIS 8.5为git服务器提供https端点。我可以通过所有web浏览器连接到Web环境，并且可以通过visual studio git界面使用git服务器。所以我不认为这是一个防火墙问题。
我想知道是否有人曾经遇到过这个问题，他们是否可以帮助我们在这里？

解决方案

确认您使用的是TLS 1.0或更高版本。某些服务器需要TLS 1.2。如果您不确定您的服务器是否支持TLS 1.2，请查看Steffen Ulrich上面的答案，然后尝试一下。

如果这样做没有帮助，请检查 SNI 是端点所必需的。如果是这样的话，这可能是问题所在。如果您调用 s_client 命令并将 servername 参数设置为您想要联系的服务器名称，

基本命令示例：

  s_client -connect example.com ：443 -tls1 -servername example.com 
  

您可以找到 s_client at s_client 手册页。

We are running a git server over https and didn't have any trouble connecting because we all used visual studio to do so. Now someone wants to use the standard git bash and it fails to connect with the following error output.

fatal: unable to access 'https://server/Repo.git/': Unknown SSL protocol error in connection to server:443

I tried some different ciphersuites, nothing worked. Then it came to me that it might be that git doesn't support ECDSA certificates yet. So I exchanged the ECDSA certificate for one with RSA. That also didn't work.

Then I tried connecting with OpenSSL s_client with the following command:

OpenSSL> s_client -connect server:443

This is the output from running the command:

CONNECTED(0000018C)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I searched google for the error number 10054 and found it means connection refused. We use IIS 8.5 to supply the https endpoint for the git server. I can connect to the web environment through all webbrowsers and we can use the git server through the visual studio git interface. So I don't think it's a firewall issue. I'd like to know if anyone has experienced this problem before and if they could help us out here?

解决方案

Verify that you are using TLS 1.0 or above. Some servers require TLS 1.2. If you are not sure that your server supports up to TLS 1.2 look at Steffen Ulrich's answer above and try that first.

If that does not help, then check if SNI is required for the endpoint. If that is the case this might be the problem. If you call the s_client command with the servername parameter set to the servername which you'd like to contact that should work.

Example basic command:

s_client -connect example.com:443 -tls1 -servername example.com

You can find the options for s_client at s_client man page.

这篇关于OpenSSL errno 10054，连接被拒绝，同时尝试连接到我们的服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！