IPv6 工作正常，IPv4 引发 OpenSSL 错误

Question

IPv6 工作正常，IPv4 引发 OpenSSL 错误

jip*_*pie 5 linux ssl ipv6 ipv4 apache-2.2

我正在构建一个网络服务器 ( http://blog.linformattronics.nl/ )，它在 IPv4 和 IPv6 以及使用非 SSL 连接时都可以正常运行。但是，当我通过 https 连接到它时，IPv6 按预期工作，但 IPv4 连接会引发客户端错误。IPv4/https 连接的服务器端日志为空。总结成一张表：

     | http  | https
-----+-------+-------------------------------------------------------
IPv4 | works | OpenSSL error, failed. No server side logging.
-----+-------+-------------------------------------------------------
IPv6 | works | self signed certificate warning, but works as expected

Run Code Online (Sandbox Code Playgroud)

显然，甚至没有设置 SSL 隧道，这导致 Apache 日志为空。但为什么它对 IPv6 工作正常而对 IPv4 失败？我的问题是为什么会抛出这个 OpenSSL 错误，我该如何解决？

以下是有关设置的一些额外信息。

IPv6 https

用于重现 IPv6/https 行为的命令：

$ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl
--2012-11-03 15:46:48--  https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected.
WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost':
  Self-signed certificate encountered.
    WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'.
HTTP request sent, awaiting response... 200 OK
Length: 4556 (4.4K) [text/html]
Saving to: `/dev/null'

100%[=======================================================================>] 4,556       --.-K/s   in 0s      

2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556]

Run Code Online (Sandbox Code Playgroud)

IPv4 https

用于重现 IPv6/https 行为的命令：

$ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl
--2012-11-03 15:47:28--  https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

Run Code Online (Sandbox Code Playgroud)

笔记

我在 Ubuntu Server 12.04.1 LTS

Answer 1

Mic*_*ton 6

您有一些严重的防火墙/NAT 配置错误。您实际上并没有在端口 443 上运行 Web 服务器...

$ telnet 82.95.251.247 443
Trying 82.95.251.247...
Connected to 82.95.251.247.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1

Run Code Online (Sandbox Code Playgroud)

而且您的 IPv6 服务似乎被防火墙关闭了...

$ telnet 2001:980:1b7f:1:a00:27ff:fea6:a2e7 443
Trying 2001:980:1b7f:1:a00:27ff:fea6:a2e7...
telnet: connect to address 2001:980:1b7f:1:a00:27ff:fea6:a2e7: Permission denied

Run Code Online (Sandbox Code Playgroud)

修复您的防火墙和/或错误端口上的服务问题，您应该会发现一切正常。

归档时间：	13 年，3 月前
查看次数：	1822 次
最近记录：	13 年，3 月前