1. 首页
  2. 问答
  3. 为什么使用.Net客户端与Erlang 19.1.1的RabbitMQ发生SSL握手失败,但是没有发生17.4 18.1和18.2的问题?

为什么使用.Net客户端与Erlang 19.1.1的RabbitMQ发生SSL握手失败,但是没有发生17.4 18.1和18.2的问题?

2016-12-07 35 views
0

我在Linux机器上安装了RabbitMQ 3.6.6和Erlang 19.1。我遵循SSL指南(http://www.rabbitmq.com/ssl.html),可以让Python客户端连接,但不能连接.Net客户端。为什么使用.Net客户端与Erlang 19.1.1的RabbitMQ发生SSL握手失败,但是没有发生17.4 18.1和18.2的问题?

我已经尝试使用Erlang(17.4 18.1和18.2)所有工作的相同的服务器配置。使用Erlang的19.1

详细低于

Wireshark的客户端请求

Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Hello Request, Hello Request 
    Secure Sockets Layer 
     TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages 
      Content Type: Handshake (22) 
      Version: TLS 1.2 (0x0303) 
      Length: 1278 
      Handshake Protocol: Certificate 
       Handshake Type: Certificate (11) 
       Length: 748 
       Certificates Length: 745 
       Certificates (745 bytes) 
        Certificate Length: 742 
        Certificate: 308202e2308201caa003020102020102300d06092a864886... (id-at-organizationName=client,id-at-commonName=netclient) 
         signedCertificate 
          version: v3 (2) 
          serialNumber: 2 
          signature (sha256WithRSAEncryption) 
           Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) 
          issuer: rdnSequence (0) 
           rdnSequence: 1 item (id-at-commonName=MyTestCA) 
            RDNSequence item: 1 item (id-at-commonName=MyTestCA) 
             RelativeDistinguishedName item (id-at-commonName=MyTestCA) 
              Id: 2.5.4.3 (id-at-commonName) 
              DirectoryString: uTF8String (4) 
               uTF8String: MyTestCA 
          validity 
           notBefore: utcTime (0) 
            utcTime: 16-12-03 19:56:24 (UTC) 
           notAfter: utcTime (0) 
            utcTime: 17-12-03 19:56:24 (UTC) 
          subject: rdnSequence (0) 
           rdnSequence: 2 items (id-at-organizationName=client,id-at-commonName=netclient) 
            RDNSequence item: 1 item (id-at-commonName=netclient) 
             RelativeDistinguishedName item (id-at-commonName=netclient) 
              Id: 2.5.4.3 (id-at-commonName) 
              DirectoryString: uTF8String (4) 
               uTF8String: netclient 
            RDNSequence item: 1 item (id-at-organizationName=client) 
             RelativeDistinguishedName item (id-at-organizationName=client) 
              Id: 2.5.4.10 (id-at-organizationName) 
              DirectoryString: uTF8String (4) 
               uTF8String: client 
          subjectPublicKeyInfo 
           algorithm (rsaEncryption) 
            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) 
           subjectPublicKey: 3082010a0282010100b5007e702f32e3e8e307eb07296cf4... 
            modulus: 0x00b5007e702f32e3e8e307eb07296cf453581e5fa9c6c831... 
            publicExponent: 65537 
          extensions: 3 items 
           Extension (id-ce-basicConstraints) 
            Extension Id: 2.5.29.19 (id-ce-basicConstraints) 
            BasicConstraintsSyntax [0 length] 
           Extension (id-ce-keyUsage) 
            Extension Id: 2.5.29.15 (id-ce-keyUsage) 
            Padding: 7 
            KeyUsage: 80 (digitalSignature) 
             1... .... = digitalSignature: True 
             .0.. .... = contentCommitment: False 
             ..0. .... = keyEncipherment: False 
             ...0 .... = dataEncipherment: False 
             .... 0... = keyAgreement: False 
             .... .0.. = keyCertSign: False 
             .... ..0. = cRLSign: False 
             .... ...0 = encipherOnly: False 
             0... .... = decipherOnly: False 
           Extension (id-ce-extKeyUsage) 
            Extension Id: 2.5.29.37 (id-ce-extKeyUsage) 
            KeyPurposeIDs: 1 item 
             KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth) 
         algorithmIdentifier (sha256WithRSAEncryption) 
          Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) 
         Padding: 0 
         encrypted: 91d59d73fd4fa59494031acf857a0bc94061715b63f9d14d... 
      Handshake Protocol: Client Key Exchange 
       Handshake Type: Client Key Exchange (16) 
       Length: 258 
       RSA Encrypted PreMaster Secret 
        Encrypted PreMaster length: 256 
        Encrypted PreMaster: b6907639fa3c297cbbe91a80ca7394569354ba1c04ca9541... 
      Handshake Protocol: Certificate Verify 
       Handshake Type: Certificate Verify (15) 
       Length: 260 
       Signature Hash Algorithm: 0x0201 
        Signature Hash Algorithm Hash: SHA1 (2) 
        Signature Hash Algorithm Signature: RSA (1) 
       Signature length: 256 
       Signature: 98730313f2cf8eaa47e3e574f0e090882735ec69f051374a... 
     TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec 
      Content Type: Change Cipher Spec (20) 
      Version: TLS 1.2 (0x0303) 
      Length: 1 
      Change Cipher Spec Message 
     TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages 
      Content Type: Handshake (22) 
      Version: TLS 1.2 (0x0303) 
      Length: 40 
      Handshake Protocol: Hello Request 
       Handshake Type: Hello Request (0) 
       Length: 0 
      Handshake Protocol: Hello Request 
       Handshake Type: Hello Request (0) 
       Length: 0

Wireshark的服务器响应

Alert (Level: Fatal, Description: Handshake Failure)

来源

2016-12-07 Daniel Leach

回答

0

只需使用Erlang的版本17.4,18.1和18.2。我怀疑在Erlang有一个错误,因为还有另一个有问题:

https://bugs.erlang.org/browse/ERL-259,票已解决,但没有确认它是否被任何人修复。

来源

2016-12-07 11:48:32

+0

我结束了刚刚与Erlang 18.2,但我不满意这个解决方案。 –

相关问题

 相关问题