Re: HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

December 09, 2013 09:34AM
> Try connecting to glassfish with the _stock_ (from packages) s_client:
> openssl s_client -debug -connect localhost:8002

Enabled
> -Djavax.net.debug=ssl

Currently openssl is:
# openssl version
OpenSSL 1.0.1e 11 Feb 2013
# dpkg -l|grep openssl
ii openssl 1.0.1e-2

but nginx 1.5.7 still uses 0.9.8:
# ldd `which nginx`
linux-vdso.so.1 => (0x00007fffae33d000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007fdd24f6b000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007fdd24d34000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007fdd24b03000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007fdd248ac000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007fdd2450b000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007fdd242f3000)
libc.so.6 => /lib/libc.so.6 (0x00007fdd23f91000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdd25195000)
libdl.so.2 => /lib/libdl.so.2 (0x00007fdd23d8d000)

nginx 1.5.4:
# ldd `which /data/nginx-gost/sbin/nginx`
linux-vdso.so.1 => (0x00007fff695ff000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007ff4330f4000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007ff432ebd000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007ff432c8c000)
libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007ff432a2d000)
libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007ff432649000)
libdl.so.2 => /lib/libdl.so.2 (0x00007ff432444000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007ff43222d000)
libc.so.6 => /lib/libc.so.6 (0x00007ff431ecb000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff43331e000)


# openssl s_client -connect localhost:8002 -tlsextdebug
CONNECTED(00000003)
depth=0 C = US, ST = California, L = Santa Clara, O = Oracle Corporation, OU = GlassFish, CN = myhost.domain.local
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = Santa Clara, O = Oracle Corporation, OU = GlassFish, CN = myhost.domain.local
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=myhost.domain.local
i:/C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=myhost.domain.local
---
Server certificate
subject=/C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=myhost.domain.local
issuer=/C=US/ST=California/L=Santa Clara/O=Oracle Corporation/OU=GlassFish/CN=myhost.domain.local
---
No client certificate CA names sent
---
SSL handshake has read 1264 bytes and written 478 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 52A5C7084B96822C644DA72CADECFADD2C8684AFE17E63158BD8EB90819682B1
Session-ID-ctx:
Master-Key: ECB9F34696C2F27C330007773E9272D9FE539517AC74FD3E94F5CF105AA77BF2DFFEFEE93BE22066F68D42CB080F289F
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1386596104
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---


If I make a request with nginx 1.5.7 (from the repository), the glassfish logs show:
[#|2013-12-09T18:27:35.338+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|Using SSLEngineImpl.|#]

[#|2013-12-09T18:27:35.338+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|http-thread-pool-8002(5), READ: TLSv1 Handshake, length = 89|#]

[#|2013-12-09T18:27:35.339+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|http-thread-pool-8002(5), fatal error: 80: problem unwrapping net record
javax.net.ssl.SSLException: Unexpected end of handshake data|#]

[#|2013-12-09T18:27:35.339+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|http-thread-pool-8002(5)|#]

[#|2013-12-09T18:27:35.339+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|, SEND TLSv1 ALERT: |#]

[#|2013-12-09T18:27:35.339+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|fatal, |#]

[#|2013-12-09T18:27:35.340+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|description = internal_error|#]

[#|2013-12-09T18:27:35.340+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=36;_ThreadName=Thread-2;|http-thread-pool-8002(5), WRITE: TLSv1 Alert, length = 2|#]
There are no other entries in the log.


If I make a request with nginx 1.5.7 (manual build), the glassfish logs show:
[#|2013-12-09T18:30:54.568+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Using SSLEngineImpl.|#]

[#|2013-12-09T18:30:54.568+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|http-thread-pool-8002(4), READ: TLSv1 Handshake, length = 258|#]

[#|2013-12-09T18:30:54.569+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|*** ClientHello, TLSv1|#]

[#|2013-12-09T18:30:54.569+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|RandomCookie: |#]
...
[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0xc0:0x22, Unknown 0xc0:0x21, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, Unknown 0x0:0x81, Unknown 0x0:0x80, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, Unknown 0xc0:0x1c, Unknown 0xc0:0x1b, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0xc0:0x1f, Unknown 0xc0:0x1e, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, Unknown 0x0:0x9a, Unknown 0x0:0x99, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_IDEA_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5, Unknown 0x0:0xff]|#]

[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Compression Methods: { |#]

[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|0|#]

[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;| }|#]

[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]|#]

[#|2013-12-09T18:30:54.580+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Extension elliptic_curves, curve names: {sect571r1, sect571k1, secp521r1, sect409k1, sect409r1, secp384r1, sect283k1, sect283r1, secp256k1, secp256r1, sect239k1, sect233k1, sect233r1, secp224k1, secp224r1, sect193r1, sect193r2, secp192k1, secp192r1, sect163k1, sect163r1, sect163r2, secp160k1, secp160r1, secp160r2}|#]

[#|2013-12-09T18:30:54.581+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Unsupported extension type_35, data: |#]

[#|2013-12-09T18:30:54.581+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|Unsupported extension type_15, data: 01|#]

[#|2013-12-09T18:30:54.581+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|***|#]

[#|2013-12-09T18:30:54.582+0400|INFO|oracle-glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=35;_ThreadName=Thread-2;|%% Resuming [Session-16, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]|#]
...
Subject Author Posted

HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

mnsold December 09, 2013 07:55AM

Re: HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

Sergey Budnevitch December 09, 2013 08:48AM

Re: HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

mnsold December 09, 2013 09:34AM

Re: HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

Sergey Budnevitch December 09, 2013 10:22AM

Re: HTTPS proxy on nginx/1.5.4 built manually vs nginx/1.5.7 from the repository

mnsold December 11, 2013 01:58AM


