来自xx.xx.xx.xx:14333的TLS握手错误:EOF

我正在Linux(RHEL 7)中运行HTTPS服务器。 启动服务器后,我立即收到以下错误消息。 </ p>

  2019/09/04 15:46:16 http:来自xx.xx.xx.xx:60206的TLS握手错误:EOF 
2019 / 09/04 15:46 :21 http:来自xx.xx.xx.xx的TLS握手错误:31824:EOF
</ code> </ pre>

此错误在终端中连续不断出现。
以下是 用于创建https服务器的go代码-</ p>

 包main 

import(
“ fmt”
“ net / http”

“ github.com/ gin-gonic / gin“

func main(){
fmt.Println(” Starting webserver“)

router:= gin.Default()
router.GET(” /“, func(c * gin.Context){
c.JSON(http.StatusOK,gin.H {
“ success”:true,
})
})

router.RunTLS(“:9001 “,” server.pem“,” server.key“)
}

</ code> </ pre>

我们已经购买并合并了服务器证书,中间证书和根证书 合并为一个文件,以制作 server.pem </ code>文件。 </ p>

由于此错误持续不断,并且在启动服务器后立即在终端中出现错误,我认为VM中存在一些配置问题?</ p>

请提出我可以在此处检查的内容。 </ p>

注意:此错误特定于Go。 我已经在Node JS中使用相同证书在同一端口的同一服务器上进行了测试。 而且效果很好。

错误消息中的IP也属于反向代理服务器(WAF),该服务器一直在进行Web应用程序服务器的运行状况监视。 </ p>
</ div>

展开原文

原文

I am running a HTTPS server in Linux (RHEL 7). I am getting the below error as soon as I start the server.

2019/09/04 15:46:16 http: TLS handshake error from xx.xx.xx.xx:60206: EOF
2019/09/04 15:46:21 http: TLS handshake error from xx.xx.xx.xx:31824: EOF

This error is coming automatically and continuously in the terminal. Below is the go code for creating https server -

package main

import (
    "fmt"
    "net/http"

    "github.com/gin-gonic/gin"
)

func main() {
    fmt.Println("Starting webserver")

    router := gin.Default()
    router.GET("/", func(c *gin.Context) {
        c.JSON(http.StatusOK, gin.H{
            "success": true,
        })
    })

    router.RunTLS(":9001", "server.pem", "server.key")
}

We have purchased and combined the server certificate, intermidate certificate and root certificate into a single file to make the server.pem file.

As this error is coming continuously and in the terminal as soon as I start the server, I think there is some configuration problem in the VM?

Please suggest what are the things I can check here.

NOTE: This error is specific to the Go. I have tested on the same server on the same port with same certificates in Node JS. And it works fine. Also the IP in the error message is of the reverse proxy server (WAF) which is continuosly doing health monitoring of the web application server.

doujishan2247
doujishan2247 问题是,当我从笔记本电脑浏览器访问URL时,它运行正常,没有任何证书错误。但是在VM内部,此错误不断出现在日志中。因此,请求来自某个地方,但我无法理解。我的LinuxVM在代理服务器后面运行,这就是我所知道的。它在IBM云中。此请求可能会自动发出吗?
大约一年之前 回复
doutan8601
doutan8601 使用openssls_client-msg或同等功能查看完整的TLS交换。从您提供的稀缺信息的外观来看,一个参加者决定在收到不喜欢的信息后停止讲话。
大约一年之前 回复

1个回答



我将从两个角度对问题进行解决:</ p>


  1. 这个 xx.xx.xx.xx </ code>地址是什么? 我希望当我启动一些随机软件时,没有任何东西可以单独连接到它们,</ em>对吗?</ p> </ li>

  2. 9001端口有什么特别之处吗? 尝试运行 nc -l -p 9001 </ code>并查看是否也发生了那些不确定的连接。</ p>

    运行 tcpdump </ code>并查看是否存在 来自建立这些连接的客户端的任何传入流量:TLS机械报告的那些 EOF </ code> s(即“文件结尾”)最有可能意味着这些客户端(无论它们是什么)将其连接端封闭在某处 在TLS握手过程中-服务器希望从中读取一些数据。
    这表明这些客户端实际上并不希望在它们打开的连接中看到TLS协议; 并且它们几乎可以在其中发送一些纯文本,因此您可以对其进行窥视。</ p> </ li>

  3. 在Google搜索“ 9001端口”时暗示它已用于 某些“ ETL服务管理器”协议(无论如何)。 暗示9001上的流量可能与VoIP有关。</ p>

    我不知道该如何处理,但这可能会为您提供一些进一步研究的线索。</ p> </ li>
    </ ol>
    </ div>

展开原文

原文

I would attack the problem from two angles:

  1. What is this xx.xx.xx.xx address? I'd expect that when I start some random piece of software, there is nothing to connect to it all by itself, right?

  2. Is there anything special about that 9001 port? Try running nc -l -p 9001 and see whether those unidentified connections happen as well.

    Run tcpdump and see whether there is any incoming traffic from the clients making those connections: those EOFs (that's "end of file") reported by the TLS mchinery most probably mean those clients—whatever they are—close their side of the connection somewhere amidst the TLS handshake—while the server is expecting to read some data from them. This hints at that those clients do not actually expect to see TLS protocol in the connection they open; and they pretty much may send some plaintext in it, so you'll be able to peek at it.

  3. Googling for "9001 port" hints at that it's used for some "ETL service manager" protocol—whatever it is. This hints at that traffic on 9001 might be related to VoIP.

    I have no idea what to do with this, but it might give you some lead for further research.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问