感谢您的帮助,我想知道是否有人遇到过这个问题,我没有成功为 OHS 配置我的 SSL 配置,似乎 TLSV1.2 不起作用。
我的 OHS 嵌入了 weblogic 12C
看下面我的配置
###################################################################
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
###################################################################
# The Listen directive below has a comment preceding it that is used
# by tooling which updates the configuration. Do not delete the comment.
#[Listen] OHS_SSL_PORT
Listen 8443
<IfModule ossl_module>
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use, second the expiring timeout (in seconds) and third
# the mutex to be used.
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<IfModule !mpm_winnt_module>
Mutex pthread ssl-cache
</IfModule>
##
## SSL Virtual Host Context
##
#[VirtualHost] OHS_SSL_VH
<VirtualHost *:8443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient None
# SSL Protocol Support:
# Configure usable SSL/TLS protocol versions.
SSLProtocol +TLSv1.2 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCipherSuite ALL
SSLCRLCheck Off
#Path to the wallet
SSLWallet "/data/as/Certificates/OHS"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
</VirtualHost>
当我尝试连接该 URL 时,请参阅下面的错误?
2021-02-04T19:12:18.2523+01:00] [OHS] [ERROR:32] [OH99999] [ossl] [client_id: 172.21.0.68] [host_id: lpacs122] [host_addr: 172.21.20.79] [pid: 29658] [user: as] [VirtualHost: localhost:8443] OHS:2079 Client SSL handshake error, nzos_Handshake returned 29039(server localhost:8443)
[2021-02-04T19:12:18.2523+01:00] [OHS] [ERROR:32] [OH99999] [ossl] [host_id: lpacs122] [host_addr: 172.21.20.79] [pid: 29658] [user: as] [VirtualHost: localhost:8443] OHS:2171 NZ Library Error: SSL negotiation error [Hint: too restrictive SSLCipherSuite]
有人遇到过这个问题吗?
非常感谢您的帮助
Oracle HTTP 服务器无法启动,并出现错误“OHS:2079 客户端 SSL 握手错误,nzos_Handshake 返回 29019”(文档 ID 2818638.1)
请参阅此文档。