2017-11-06 1 views
3

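Java SSL connection reset on Linux, Windows works fine

We are trying to connect to a .NET-based web service over HTTPS using Apache Camel. The call runs fine on Windows, but on Linux-based systems it is met with a connection reset by the remote web service at the SSL handshake stage. Calling the URL from cURL or Postman on Linux causes no problems, so the issue appears to be JVM-related.

We enabled SSL trace logging, and both systems appear to negotiate exactly the same cipher suite, so we cannot figure out why the connection is being reset. Since we do not have access to the logging of the remote web service, we do not really know how to continue debugging this issue. ...

We have abbreviated the SSL trace logging for both platforms and included it below. Is there something we are missing? Or is there a way to debug this issue without remote logging?

Linux SSL trace logging: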

Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1509952410 bytes = ...truncated... 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA 
Extension server_name, server_name: [type=host_name (0), value=...truncated...] 
*** 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 230 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 91 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: 720603056 bytes = ...truncated... 
Session ID: ...truncated... 
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed] 
*** 
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 3959 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: ...truncated... 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 10 
[1]: ObjectId: ...truncated... Criticality=false 
Extension unknown: DER encoded OCTET string = 
...truncated... 


[2]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: caIssuers 
    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt 
, 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3 
] 
] 

[3]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[4]: ObjectId: ...truncated... Criticality=false 
BasicConstraints:[ 
    CA:false 
    PathLen: undefined 
] 

[5]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl] 
]] 

[6]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
    [CertificatePolicyId: [...truncated...] 
[] ] 
] 

[7]: ObjectId: ...truncated... Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    clientAuth 
] 

[8]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[9]: ObjectId: ...truncated... Criticality=false 
SubjectAlternativeName [ 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
] 

[10]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 7 
[1]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/rootr3 
] 
] 

[2]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[3]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:0 
] 

[4]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/root-r3.crl] 
]] 

[5]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
] 

[6]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[7]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [2] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
...truncated... 
] 

[3]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: ...truncated... 

] 
*** 
Found trusted certificate: 
[ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: ...truncated... 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[3]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 
] 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 333 
*** ECDH ServerKeyExchange 
Signature Algorithm SHA256withRSA 
Server key: Sun EC public key, 256 bits 
    public x coord: ...truncated... 
    public y coord: ...truncated... 
    parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 4 
*** ServerHelloDone 
*** ECDHClientKeyExchange 
ECDH Public value: ...truncated... 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 70 
SESSION KEYGEN: 
PreMaster Secret: 
...truncated... 
CONNECTION KEYGEN: 
Client Nonce: 
...truncated... 
Server Nonce: 
...truncated... 
Master Secret: 
...truncated... 
... no MAC keys used for this cipher 
Client write key: 
...truncated... 
Server write key: 
...truncated 
Client write IV: 
...truncated... 
Server write IV: 
...truncated.... 
http-nio-8080-exec-7, WRITE: TLSv1.2 Change Cipher Spec, length = 1 
*** Finished 
...truncated... 
*** 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 40 
http-nio-8080-exec-7, READ: TLSv1.2 Change Cipher Spec, length = 1 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 40 
*** Finished 
...truncated... 
*** 
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370 
http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset 
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-7, SEND TLSv1.2 ALERT: fatal, description = unexpected_message 
http-nio-8080-exec-7, WRITE: TLSv1.2 Alert, length = 26 
http-nio-8080-exec-7, Exception sending alert: java.net.SocketException: Broken pipe (Write failed) 
http-nio-8080-exec-7, called closeSocket() 
http-nio-8080-exec-7, called close() 
http-nio-8080-exec-7, called closeInternal(true) 

Windows SSL trace logging:

Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1509957147 bytes = ...truncated... 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
Extension server_name, server_name: [type=host_name (0), value=...truncated...] 
*** 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 258 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 91 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: -607016418 bytes = ...truncated... 
Session ID: ...truncated... 
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed] 
*** 
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 3959 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: ...truncated... 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 10 
[1]: ObjectId: ...truncated... Criticality=false 
Extension unknown: DER encoded OCTET string = 
...truncated... 


[2]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: caIssuers 
    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt 
, 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3 
] 
] 

[3]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[4]: ObjectId: ...truncated... Criticality=false 
BasicConstraints:[ 
    CA:false 
    PathLen: undefined 
] 

[5]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl] 
]] 

[6]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
    [CertificatePolicyId: [...truncated...] 
[] ] 
] 

[7]: ObjectId: ...truncated... Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    clientAuth 
] 

[8]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[9]: ObjectId: ...truncated... Criticality=false 
SubjectAlternativeName [ 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
] 

[10]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 7 
[1]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/rootr3 
] 
] 

[2]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[3]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:0 
] 

[4]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/root-r3.crl] 
]] 

[5]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
] 

[6]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[7]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [2] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
...truncated... 
] 

[3]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: ...truncated... 

] 
*** 
Found trusted certificate: 
[ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: ...truncated... 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[3]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 
] 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 333 
*** ECDH ServerKeyExchange 
Signature Algorithm SHA256withRSA 
Server key: Sun EC public key, 256 bits 
    public x coord: ...truncated... 
    public y coord: ...truncated... 
    parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 4 
*** ServerHelloDone 
*** ECDHClientKeyExchange 
ECDH Public value: { 4, 144, 81, 42, 27, 249, 12, 198, 167, 196, 189, 75, 11, 160, 39, 39, 10, 147, 244, 224, 161, 27, 200, 75, 153, 157, 161, 124, 97, 202, 134, 160, 96, 188, 86, 81, 42, 150, 115, 66, 254, 51, 50, 149, 2, 63, 191, 181, 70, 178, 233, 233, 207, 214, 235, 200, 52, 51, 47, 139, 211, 246, 147, 2, 250 } 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 70 
SESSION KEYGEN: 
PreMaster Secret: 
...truncated... 
CONNECTION KEYGEN: 
Client Nonce: 
...truncated... 
Server Nonce: 
...truncated... 
Master Secret: 
...truncated... 
0020: 5B 12 25 BC 53 8B 7C B8 D3 35 60 56 EE D8 8C E4 [.%.S....5`V.... 
... no MAC keys used for this cipher 
Client write key: 
...truncated... 
Server write key: 
...truncated... 
Client write IV: 
...truncated... 
Server write IV: 
...truncated... 
http-nio-8080-exec-10, WRITE: TLSv1.2 Change Cipher Spec, length = 1 
*** Finished 
verify_data: ...truncated... 
*** 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 40 
http-nio-8080-exec-10, READ: TLSv1.2 Change Cipher Spec, length = 1 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 40 
*** Finished 
verify_data: ...truncated... 
*** 
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348 
http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123 
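
Added example (not part of the original question): a Python triage of the two `javax.net.debug` traces above, run on excerpts abridged from them. It reports the phase in which the connection died and what the two ClientHello messages offered differently; the function names are illustrative.

```python
import re

# Excerpts abridged from the Linux and Windows javax.net.debug traces on this page.
LINUX = """\
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*** Finished
*** Finished
http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370
http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset
"""
WINDOWS = """\
*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
*** Finished
*** Finished
http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348
http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123
"""

EXT = re.compile(r"^Extension (\w+), [^:]+: (.*)$")
REC = re.compile(r"^.+?, (READ|WRITE): \S+ (.+), length = \d+$")
EXC = re.compile(r"handling exception: (.+)$")

def summarize(trace):  # reduce a JSSE debug trace to the facts that locate a failure
    s = {"suite": None, "finished": 0, "app_write": 0, "app_read": 0,
         "exception": None, "offered": {}}
    section = None
    for line in map(str.strip, trace.splitlines()):
        if line == "***":                       # end of a handshake message dump
            section = None
        elif line.startswith("*** "):           # e.g. "*** ClientHello, TLSv1.2"
            section = line[4:].split(",")[0]
            if section == "Finished":
                s["finished"] += 1
        elif section == "ClientHello" and (m := EXT.match(line)):
            s["offered"][m[1]] = set(re.split(r",\s*", m[2].strip("{}[]")))
        elif section == "ServerHello" and line.startswith("Cipher Suite:"):
            s["suite"] = line.split(":", 1)[1].strip()
        elif m := REC.match(line):              # per-record READ/WRITE lines
            if m[2] == "Application Data":
                s["app_write" if m[1] == "WRITE" else "app_read"] += 1
        elif (m := EXC.search(line)) and s["exception"] is None:
            s["exception"] = m[1]               # keep the first exception only
    return s

def failure_phase(s):  # None when the trace logged no exception
    if s["exception"] is None:
        return None
    if s["finished"] < 2:                       # client and server Finished both needed
        return "during TLS handshake"
    if s["app_write"] and not s["app_read"]:
        return "after handshake, request sent, no reply"
    return "after handshake"

def hello_diff(a, b):  # per extension: (offered only by a, offered only by b)
    out = {}
    for ext in sorted(a["offered"].keys() | b["offered"].keys()):
        x, y = a["offered"].get(ext, set()), b["offered"].get(ext, set())
        if x != y:
            out[ext] = (sorted(x - y), sorted(y - x))
    return out

if __name__ == "__main__":
    print(failure_phase(summarize(LINUX)), hello_diff(summarize(LINUX), summarize(WINDOWS)))
```

On these excerpts both handshakes complete with the same suite and the Linux reset arrives only after the first encrypted application record is written, so the differing ClientHello offers are not where the connection fails.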

Answers

0

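We actually found the problem with the help of the remote logging: on the Linux system, the URL was requested with a port number (i.e. https://remote:443), whereas on the Windows machine the URL was defined without a port (e.g. https://remote). After removing the port from the Linux configuration, everything runs fine.

AFAIK the port number is not part of certificate validation, but it looks like the remote web service includes it anyway. Anyhow, our problem is solved.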
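
Added example, not from the original answer: a Python check that splits the two URLs from the answer into what each protocol layer sees. The TLS `server_name` extension carries a host name only, while RFC 7230 has the client send the URL's authority, including a written-out port, in the HTTP `Host` header, so the port is one thing that can differ inside the encrypted request while the TLS traces match. The helper names are illustrative, and the `host_header` value assumes the HTTP client copies the authority verbatim, which should be verified for the client in use.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def layers(url):
    """Return what each protocol layer sees for an endpoint URL."""
    u = urlsplit(url)
    return {
        # Socket destination: the default port is filled in when none is written.
        "tcp": (u.hostname, u.port or DEFAULT_PORTS[u.scheme]),
        # TLS server_name (SNI): host name only, there is no field for a port.
        "sni": u.hostname,
        # HTTP Host header per RFC 7230: the authority as written, minus userinfo.
        # Assumption: the client does not strip an explicit default port.
        "host_header": u.netloc.rpartition("@")[2],
    }

def drift(url_a, url_b):
    """Names of the layers at which two endpoint URLs differ."""
    a, b = layers(url_a), layers(url_b)
    return [k for k in ("tcp", "sni", "host_header") if a[k] != b[k]]

def canonical(url):
    """Drop an explicitly written default port; leave other ports alone."""
    u = urlsplit(url)
    if u.port is not None and u.port == DEFAULT_PORTS.get(u.scheme):
        u = u._replace(netloc=u.netloc.rsplit(":", 1)[0])
    return u.geturl()

def audit(configs):
    """Map environment name -> canonical URL for every entry that is not canonical."""
    return {env: canonical(url) for env, url in configs.items() if canonical(url) != url}

if __name__ == "__main__":
    # The two URLs quoted in the answer; the environment labels are constructed.
    configs = {"linux": "https://remote:443", "windows": "https://remote"}
    print(drift(configs["linux"], configs["windows"]))
    print(audit(configs))
```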
