英文:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH after reinstall openssl package
问题
I removeв openssl package to install downgrade version(I needed) but unfortunately I didn't expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can't open my localhost project with https - ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla
我删除了openssl包以安装我需要的较旧版本,但不幸的是,我没有预料到我的Ubuntu 20.04会崩溃。我修复了登录问题并安装了合适的openssl版本。但仍然存在一个问题 - 无法在https下打开我的本地项目 - Chrome中出现ERR_SSL_VERSION_OR_CIPHER_MISMATCH错误,Mozilla中出现404错误。
I tried
- replace with new self signed SSL cert in my glassfish server
- downgrade min TLSv to 1 in mozilla
- Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.
我尝试过
1)在我的GlassFish服务器中使用新的自签名SSL证书进行替换
2)在Mozilla中将最小TLS版本降级到1
3)在我的openssl.cnf中添加MinProtocol = TLSv1和CipherString = DEFAULT:@SECLEVEL=1。
There is what curl https://localhost:8082 --tlsv1 --verbose returns:
以下是curl https://localhost:8082 --tlsv1 --verbose 返回的内容:
* Trying 127.0.0.1:8082...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And openssl s_client -connect localhost:8082 returns:
而openssl s_client -connect localhost:8082 返回:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1
---
Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ug
<details>
<summary>英文:</summary>
I removeв openssl package to install downgrade version(I needed) but unfortunately I didn't expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can't open my localhost project with https -
ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla
I tried
1) replace with new self signed SSL cert in my glassfish server
2) downgrade min TLSv to 1 in mozilla
3) Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.
There is what curl https://localhost:8082 --tlsv1 --verbose returns:
- Trying 127.0.0.1:8082...
- TCP_NODELAY set
- Connected to localhost (127.0.0.1) port 8082 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs - TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.0 (IN), TLS handshake, Certificate (11):
- TLSv1.0 (OUT), TLS alert, unknown CA (560):
- SSL certificate problem: self signed certificate
- Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And openssl s_client -connect localhost:8082 returns:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1
Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ugWxidoqlYnsahq7hKzgmFky1NcnMA
qdhSyp4yNwR3GTiu0w==
-----END CERTIFICATE-----
subject=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
issuer=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 1319 bytes and written 427 bytes
Verification error: self signed certificate
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 64995AAB0681A8646E93EC3A7E47B3BB5937BABFB2D6EAE1449983CD875F5CF7
Session-ID-ctx:
Master-Key: 640255936456AC2258537245FE1A28A151CB187E0540A13F67A096629475ED36B661947917B7972B4B9D528B07CC4750
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1687771819
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
read:errno=0
**Somebody knows what to do except reinstall ubuntu from scratch?
Maybe there are some openssl dependencies which I should install?**
</details>
# 答案1
**得分**: 0
我没有找到原因。只需替换所有glassfish文件,现在它可以正常工作。Chrome浏览器仍然显示错误,但我可以使用Mozilla。
<details>
<summary>英文:</summary>
I didn't manage to find the reason. Just replace all glassfish files and now it works. Chrome browser still shows an error but I can use mozilla.
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论