2023年6月26日 17:34:26go评论119阅读模式

英文:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH after reinstall openssl package

问题

I removeв openssl package to install downgrade version(I needed) but unfortunately I didn't expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can't open my localhost project with https - ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla

我删除了openssl包以安装我需要的较旧版本，但不幸的是，我没有预料到我的Ubuntu 20.04会崩溃。我修复了登录问题并安装了合适的openssl版本。但仍然存在一个问题 - 无法在https下打开我的本地项目 - Chrome中出现ERR_SSL_VERSION_OR_CIPHER_MISMATCH错误，Mozilla中出现404错误。

I tried

replace with new self signed SSL cert in my glassfish server
downgrade min TLSv to 1 in mozilla
Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.

我尝试过
1）在我的GlassFish服务器中使用新的自签名SSL证书进行替换
2）在Mozilla中将最小TLS版本降级到1
3）在我的openssl.cnf中添加MinProtocol = TLSv1和CipherString = DEFAULT:@SECLEVEL=1。

There is what curl https://localhost:8082 --tlsv1 --verbose returns:

以下是curl https://localhost:8082 --tlsv1 --verbose 返回的内容：

*   Trying 127.0.0.1:8082...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

And openssl s_client -connect localhost:8082 returns:

而openssl s_client -connect localhost:8082 返回：

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1
---
Certificate chain
 0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
   i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ug

<details>
<summary>英文:</summary>

I removeв openssl package to install downgrade version(I needed) but unfortunately I didn&#39;t expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can&#39;t open my localhost project with https - 

ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla


I tried
1) replace with new self signed SSL cert in my glassfish server
2) downgrade min TLSv to 1 in mozilla
3) Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.

There is what curl https://localhost:8082 --tlsv1 --verbose returns:

Trying 127.0.0.1:8082...
TCP_NODELAY set
Connected to localhost (127.0.0.1) port 8082 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.0 (IN), TLS handshake, Certificate (11):
TLSv1.0 (OUT), TLS alert, unknown CA (560):
SSL certificate problem: self signed certificate
Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


And openssl s_client -connect localhost:8082 returns:

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1

Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ugWxidoqlYnsahq7hKzgmFky1NcnMA
qdhSyp4yNwR3GTiu0w==
-----END CERTIFICATE-----
subject=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

issuer=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1319 bytes and written 427 bytes
Verification error: self signed certificate

New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 64995AAB0681A8646E93EC3A7E47B3BB5937BABFB2D6EAE1449983CD875F5CF7
Session-ID-ctx:
Master-Key: 640255936456AC2258537245FE1A28A151CB187E0540A13F67A096629475ED36B661947917B7972B4B9D528B07CC4750
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1687771819
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no

read:errno=0




**Somebody knows what to do except reinstall ubuntu from scratch?
Maybe there are some openssl dependencies which I should install?**

</details>


# 答案1
**得分**: 0

我没有找到原因。只需替换所有glassfish文件，现在它可以正常工作。Chrome浏览器仍然显示错误，但我可以使用Mozilla。

<details>
<summary>英文:</summary>

I didn&#39;t manage to find the reason. Just replace all glassfish files and now it works. Chrome browser still shows an error but I can use mozilla. 

</details>

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

ERR_SSL_VERSION_OR_CIPHER_MISMATCH在重新安装openssl包后发生

问题

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1

Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1319 bytes and written 427 bytes
Verification error: self signed certificate

我尝试使用openssl生成https证书，但遇到错误。

在Ubuntu Core（snappy）上安装Go编程语言。

如何使用具有相同外部符号的2个库？

No SIGHUP on default Ubuntu by closing socketpair.

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论

问题

CONNECTED(00000003) Can't use SSL_get_servername depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost verify return:1

Certificate chain 0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

No client certificate CA names sent Peer signing digest: MD5-SHA1 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1319 bytes and written 427 bytes Verification error: self signed certificate

发表评论

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1

Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1319 bytes and written 427 bytes
Verification error: self signed certificate