ERR_SSL_VERSION_OR_CIPHER_MISMATCH在重新安装openssl包后发生

huangapple go评论129阅读模式
英文:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH after reinstall openssl package

问题

I removeв openssl package to install downgrade version(I needed) but unfortunately I didn't expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can't open my localhost project with https - ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla

我删除了openssl包以安装我需要的较旧版本,但不幸的是,我没有预料到我的Ubuntu 20.04会崩溃。我修复了登录问题并安装了合适的openssl版本。但仍然存在一个问题 - 无法在https下打开我的本地项目 - Chrome中出现ERR_SSL_VERSION_OR_CIPHER_MISMATCH错误,Mozilla中出现404错误。

I tried

  1. replace with new self signed SSL cert in my glassfish server
  2. downgrade min TLSv to 1 in mozilla
  3. Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.

我尝试过
1)在我的GlassFish服务器中使用新的自签名SSL证书进行替换
2)在Mozilla中将最小TLS版本降级到1
3)在我的openssl.cnf中添加MinProtocol = TLSv1和CipherString = DEFAULT:@SECLEVEL=1。

There is what curl https://localhost:8082 --tlsv1 --verbose returns:

以下是curl https://localhost:8082 --tlsv1 --verbose 返回的内容:

*   Trying 127.0.0.1:8082...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

And openssl s_client -connect localhost:8082 returns:

而openssl s_client -connect localhost:8082 返回:

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1
---
Certificate chain
 0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
   i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ug

<details>
<summary>英文:</summary>

I removeв openssl package to install downgrade version(I needed) but unfortunately I didn&#39;t expect that my ubuntu 20.04 crushed. I fixed login issue and installed appropriate openssl version. But still have one problem - can&#39;t open my localhost project with https - 

ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in chrome and 404 in mozilla


I tried
1) replace with new self signed SSL cert in my glassfish server
2) downgrade min TLSv to 1 in mozilla
3) Add MinProtocol = TLSv1 and CipherString = DEFAULT:@SECLEVEL=1 to my openssl.cnf.

There is what curl https://localhost:8082 --tlsv1 --verbose returns:


  • Trying 127.0.0.1:8082...
  • TCP_NODELAY set
  • Connected to localhost (127.0.0.1) port 8082 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.0 (IN), TLS handshake, Certificate (11):
  • TLSv1.0 (OUT), TLS alert, unknown CA (560):
  • SSL certificate problem: self signed certificate
  • Closing connection 0
    curl: (60) SSL certificate problem: self signed certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


And openssl s_client -connect localhost:8082 returns:


CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
verify return:1

Certificate chain
0 s:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost
i:C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

Server certificate
-----BEGIN CERTIFICATE-----
MIIDOTCCAiECFGIzodDMshl+/o4CauEEbXn+HmJLMA0GCSqGSIb3DQEBCwUAMFkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UE
CgwESG9tZTELMAkGA1UECwwCT1UxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA2
MjYwODIyMzVaFw0yNDA2MjUwODIyMzVaMFkxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJTVDENMAsGA1UEBwwEQ2l0eTENMAsGA1UECgwESG9tZTELMAkGA1UECwwCT1Ux
EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOe/fiDWixHlGThOvGIjNIf/8+gEJwteVzt7f4IHTlvcSVtPNysarjOnJGrj
FnkCPfK8hlKfVtjMD0F9XCl2AelM4GV/SrKVTo9IiwgR9/7xa+U2XkLKDlpR3xxW
yYrno7pJA561pWv2zxY3uwap1qRuS2yZ0ENalxlwYFQN8ZqUsML6uKbvaD5wd7nY
Gfkar3ciMftlwlOj5Z3eJrrqljXFU9+KFlyjC+huVeLrbqnKBsHv5qwdF48bOFq6
WyvDxhNb+3IvuB4ZEWNhEHUPrnQHhbDwgFn8QibPEpvUXnI+KjVnhgveeLpZB3AJ
Iq+DafzgqNDS+s1N0XAuWREJSWUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtnEi
xO9WIDx7/FthTbSD5uaaP2WdySBfFGl0G1QvTvW1NP0P949zpHAyU+cHKGdw4d0B
zj+eJCIi4PwkbJy03y4PiV2+7dT93duJFp2U1lQgFbKQ24UGttHRJIHoOnNIVCV8
vwXGeIxFdGgBnv0b7Du7Rp50aZW0BDp9N1/stDhXrZYVFYMn3vuHpAO7LvTP+iqL
7GJEtDNDiOdbwoegybIVcgaCyKZoy0VrJ1moXF/Km1RGB6GYKrj1ro7ZrP5y/0QF
0jVRdJURzc1IpmHR8PB3CpGQoY2J5Afku9ugWxidoqlYnsahq7hKzgmFky1NcnMA
qdhSyp4yNwR3GTiu0w==
-----END CERTIFICATE-----
subject=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost

issuer=C = US, ST = ST, L = City, O = Home, OU = OU, CN = localhost


No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 1319 bytes and written 427 bytes
Verification error: self signed certificate

New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 64995AAB0681A8646E93EC3A7E47B3BB5937BABFB2D6EAE1449983CD875F5CF7
Session-ID-ctx:
Master-Key: 640255936456AC2258537245FE1A28A151CB187E0540A13F67A096629475ED36B661947917B7972B4B9D528B07CC4750
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1687771819
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no

read:errno=0




**Somebody knows what to do except reinstall ubuntu from scratch?
Maybe there are some openssl dependencies which I should install?**

</details>


# 答案1
**得分**: 0

我没有找到原因。只需替换所有glassfish文件,现在它可以正常工作。Chrome浏览器仍然显示错误,但我可以使用Mozilla。

<details>
<summary>英文:</summary>

I didn&#39;t manage to find the reason. Just replace all glassfish files and now it works. Chrome browser still shows an error but I can use mozilla. 

</details>



huangapple
  • 本文由 发表于 2023年6月26日 17:34:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/76555402.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定