问题描述
我正在查看Microsoft网络监视器对HTTPSGET请求的捕获,如果由.NET HttpWebRequest 执行,则神秘地永远不会完成。
I am looking at a Microsoft Network Monitor capture of an HTTPS "GET" request which mysteriously never completes if performed by .NET HttpWebRequest.
我发现Server Hello包含一个Alert条目,如下所示:
I have found that the Server Hello contains an Alert entry which looks like this:
我有以下问题:
此警报是否真的加密了?我读到,如果在密钥交换后发送警报,则警报会加密,但正如您所看到的,这在协商阶段很早就发生在服务器Hello上。
Is this alert really encrypted? I read that alerts do come encrypted if sent after a key exchange, but as you can see, this occurs very early in the negotiation stage, at Server Hello.
如果没有加密,是否格式错误?第一个字节 01 ,建议这是一个警告,但 70 (协议版本)是致命错误。当然 70 只能作为 02 70 的一部分出现?
If not encrypted, is it malformed? The first byte, 01, suggests it's a warning, but the 70 ("Protocol Version") is a fatal error. Surely 70 can only appear as part of 02 70?
这究竟意味着什么?协议版本暗示了一些与erm协议版本有关的东西。但是,Client Hello包含TLS 1.0作为最大版本,而Server Hello也指定TLS 1.0。还有什么可能是错的?
What does this mean exactly? "Protocol version" suggests something's up with the, erm, protocol version. However the Client Hello contains "TLS 1.0" as the max version, and the Server Hello specifies "TLS 1.0" too. What else could be wrong?
如果有人感到勇敢,我可以附上整个捕获:)
I can attach the whole capture if anyone is feeling brave :)
我以前执行此请求的代码是。
The code I used to perform this request is shown in my other question.
推荐答案
这不是加密警报。握手完成后可能会出现加密警报,而这种情况并非如此。第一个字节表示警报致命(2),警告(1)的重要性,第二个字节是描述。根据,在您的情况下,十六进制为70,因此十进制为112,无法识别。有关更多信息,请查看中的协议定义。
It is not an encrypted alert. An encrypted alert can come after the handshake is completed and this is not the case here. The first byte indicates the importance of the alert fatal(2), warning(1) and the second byte is the description. In your case is 70 in hex thus 112 in decimal which is unrecognized_name according to RFC 4366. For more information check the protocol definition in RFC 5246.
unrecognized_name表示您在客户端hello中发送的服务器名称与服务器已知的名称不匹配。
The unrecognized_name indicates that the server name you sent in the client hello does not match a name known to the server.
这篇关于这个TLS警报是什么意思?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!