• The client sends a "Client Hello" message with the ciphers contained in the cipher suite list.
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
        Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
        Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
        Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
        Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
        Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
        Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
        Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
        Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
  • In server.xml, these ciphers do not appear. This is the catalina entry:

<Connector port="4443" SSLEnabled="true" acceptCount="20000" maxThreads="5000" allowTrace="false" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/tomcat6/conf/Default-Cert.p12" keystoreType="PKCS12" keystorePass="uuuuuu" ciphers="..." />

and the ciphers are SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

The server sends a "Server Hello" selecting "TLS_RSA_WITH_AES_128_CBC_SHA 0x002f", and ~1.5 ms later the server sends a fatal alert (Handshake Failure (40)).

Can we explain the handshake failure? Is it because TLS_RSA_WITH_AES_128_CBC_SHA is not included in the client's cipher list?
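One way to check the cipher-mismatch hypothesis against the two lists quoted in the post, as an added example that is not part of the original question. It assumes that the `SSL_` and `TLS_` prefixes name the same suite (a naming difference between JSSE providers, not stated in the post); the helper names `canonical`, `parse_client_hello` and `compare` are hypothetical.

```python
import re

# Client Hello suites copied from the capture in the post.
CLIENT_HELLO = """
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
"""
# Server-side cipher names as quoted in the post.
SERVER_CIPHERS = ("SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, "
                  "SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, "
                  "SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA")
SELECTED = "TLS_RSA_WITH_AES_128_CBC_SHA"  # suite named in the Server Hello

def canonical(name):
    # Assumption: SSL_ and TLS_ prefixes denote the same suite, so compare without them.
    return re.sub(r"^(SSL|TLS)_", "", name.strip())

def parse_client_hello(text):
    # Pull suite names out of Wireshark-style "Cipher Suite: NAME (0xNNNN)" lines.
    return re.findall(r"Cipher Suite:\s+(\w+)\s+\(0x[0-9a-fA-F]{4}\)", text)

def compare(client_text, server_value, selected):
    client = parse_client_hello(client_text)
    server = [c.strip() for c in server_value.split(",") if c.strip()]
    client_set = {canonical(c) for c in client}
    server_set = {canonical(s) for s in server}
    return {
        # Suites both sides list, in the client's preference order.
        "shared": [c for c in client if canonical(c) in server_set],
        "client_only": [c for c in client if canonical(c) not in server_set],
        "server_only": [s for s in server if canonical(s) not in client_set],
        "selected_offered": canonical(selected) in client_set,
        "selected_configured": canonical(selected) in server_set,
    }

if __name__ == "__main__":
    for key, value in compare(CLIENT_HELLO, SERVER_CIPHERS, SELECTED).items():
        print(f"{key}: {value}")
```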