routines:SSL23_WRITE:ssl握手失败

Question

当尝试通过SSL连接到xmpp服务器时，openssl会失败，并显示以下错误:3071833836:错误:140790E5:SSL routines:SSL23_WRITE:ssl握手failure:s23_lib.c:177

我相信服务器使用的是RC4-MD5密码，下面是完整的输出：

[root@localhost ~]# openssl s_client -connect 184.106.52.124:5222 -cipher RC4-MD5
CONNECTED(00000003)
>>> SSL 2.0 [length 0032], CLIENT-HELLO
    01 03 03 00 09 00 00 00 20 00 00 04 01 00 80 00
    00 ff b0 c9 c2 3f 0b 0e 98 df b4 dc fe b7 e8 8f
    17 9a 34 b5 9b 17 1b 2b ac 01 dc bd 2b a9 2d 18
    44 0c
3071866604:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 52 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

使用gnutls-cli：

[root@localhost ~]# gnutls-cli 184.106.52.124 -p 5222
Resolving '184.106.52.124'...
Connecting to '184.106.52.124:5222'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

在端口5223上连接到同一台服务器工作正常。

在CentOS 6.5上使用OpenSSL 1.0.1e-fips，在Ubuntu 14.04.1上使用OpenSSL 1.0.1f

关于如何解决这个问题，有什么建议吗？提前谢谢。

Answer 1

在端口5222上，您应该使用STARTTLS (http://xmpp.org/rfcs/rfc6120.html#tls)协商TLS的使用。对于openssl s_client，请尝试添加-starttls xmpp。