SSL握手使用node.js服务器

我目前正在尝试使用socket.io创build一个安全的连接,而现在我真的无法实现这一点。 试图检查我的证书是否是权利,我试图在nodeJS中创build一个基本的https服务器。

var fs = require('fs'); var certDir = "/path/to/the/certificates/cert-test/"; require("https").createServer( { key : fs.readFileSync(certDir + 'srv.key'), cert : fs.readFileSync(certDir + 'crt.pem'), }, function(request, response){ response.writeHeader(200, {"Content-Type": "text/plain"}); response.write("Hello World!\n"); response.end(); }).listen(8082).on('clientError', function(e){ console.log(e); }); 

与http相当的工作正常,但这是不可能的工作。 我把节点版本升级到了v0.12.4,npm到2.11.0,https是1.0.0(更多查询,socket.io是1.3.5)。 服务器在AWS上,有一个bitnami实例,Ubuntu 12.04.5 LTS,内核版本为3.2.0-84-virtual,OpenSSL为1.0.1i。

我尝试通过https://node.inkive.com:8082 (在我的浏览器和curl中)访问服务器,但是我从来没有得到正确的握手。

服务器检测到以下错误:

  • [Error:3074971392:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:../ deps / openssl / openssl / ssl / s3_srvr.c:1389:]
  • [错误:3074971392:错误:140A1175:SSL例程:SSL_BYTES_TO_CIPHER_LIST:不合适的回退:../ deps / openssl / openssl / ssl / ssl_lib.c:1481:]

我试图检查服务器上可用的密码和我的电脑上可用的密码,并且有许多匹配。 所以,伙计们,我真的没有想法,我会感谢一些帮助…

编辑

输出为openssl x509 -in crt.pem -inform PEM -text -noout

 Certificate: Data: Version: 3 (0x2) Serial Number: af:b7:19:35:7b:0e:87:38 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 Validity Not Before: Jan 6 10:11:41 2015 GMT Not After : Jan 25 08:15:28 2016 GMT Subject: OU=Domain Control Validated, CN=inkive.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ce:93:8c:6a:0a:54:d8:b8:02:94:0d:d4:23:98: 80:98:5e:42:fb:b2:4a:f7:62:68:82:42:32:dc:6f: 5d:02:3a:b8:34:7c:9f:1c:e6:83:94:a3:1a:1e:25: aa:58:69:4b:4d:76:8e:07:73:09:d3:6a:20:65:ad: 40:f5:a4:75:fa:51:79:af:94:1d:c3:39:c0:d4:70: e0:f0:61:e7:26:d8:78:b8:58:7e:0e:85:22:a2:83: 09:69:85:f6:3e:b1:de:80:71:07:88:d8:9f:f9:6a: 8b:d4:ad:61:bc:c2:bb:98:6c:36:71:d8:20:3f:d1: d4:d8:0e:91:d7:eb:42:3f:f3:98:97:fa:c4:cb:78: 04:c2:ef:12:ba:a5:cf:cd:05:44:ad:a1:cc:ff:04: b9:e1:74:ab:09:8a:58:1b:11:e6:f9:8f:28:c2:39: 3d:71:1e:e4:e2:e4:a4:f7:45:94:04:f2:4a:fc:62: ab:b5:9a:18:56:e8:40:4d:12:17:a7:26:07:54:db: 5b:87:99:56:9e:5c:94:28:0d:6c:29:9d:06:56:3b: 5e:c2:1f:6b:1f:6a:90:c2:97:24:77:63:32:26:f5: 25:d6:02:73:61:6b:69:20:39:a7:be:af:51:27:c5: a5:b4:a4:1f:e2:36:fc:15:25:30:fe:08:8f:0a:12: 5f:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 CRL Distribution Points: Full Name: URI:http://crl.godaddy.com/gdig2s1-87.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114413.1.7.23.1 CPS: http://certificates.godaddy.com/repository/ Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt X509v3 Authority Key Identifier: keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE X509v3 Subject Alternative Name: DNS:inkive.com, DNS:www.inkive.com, DNS:inkive.me, DNS:inkive.net, DNS:node.inkive.com X509v3 Subject Key Identifier: 70:FE:A0:B4:00:2E:14:98:B8:CA:BF:C8:63:A7:23:63:7C:FA:48:82 Signature Algorithm: sha256WithRSAEncryption 70:b7:dd:2b:ed:b9:7b:4e:4d:b1:13:26:7b:5d:f4:10:1f:28: a4:b8:f5:99:4e:ee:34:56:b1:eb:06:19:d8:14:c8:28:44:fe: 63:f1:2e:58:73:c7:22:57:1a:4f:2c:00:ef:2b:f8:c6:52:09: 71:1a:68:00:35:a0:f8:df:57:c5:98:f8:43:68:ba:b5:ff:3e: e1:a5:ad:6a:85:64:dd:40:72:d1:9d:04:61:54:cc:7c:92:c4: b3:68:6a:77:32:1b:49:ea:6c:7e:28:c7:67:ce:1d:ed:29:49: d6:9c:76:4d:a3:f1:a5:f5:0a:0a:92:72:7e:0a:1a:22:43:32: 18:9f:3f:fe:62:e0:57:ee:92:9d:fb:5f:bd:4b:c9:c4:1d:ba: cb:0d:3c:b9:00:2f:79:fc:5d:cd:df:9e:d7:c9:79:3b:45:c4: 7c:ad:cb:47:6d:8e:82:cc:dd:8e:2d:86:fc:94:4b:bf:9d:8e: 37:37:90:1c:74:73:f1:93:e7:f1:c9:e3:e0:d9:5c:fb:d6:3d: 09:6b:d5:45:ab:47:d2:65:69:6c:af:81:08:35:6c:87:7f:dd: fa:26:2e:8a:bf:4e:53:c1:70:1a:0a:e1:7f:e9:18:c5:82:f1: 90:9e:6c:29:7b:b7:cc:a3:25:3f:7f:8d:f3:b5:58:25:62:56: 64:50:43:b3 

输出为openssl s_client -connect node.inkive.com:8082 -tls1 -servername node.inkive.com

 CONNECTED(00000003) 3073997000:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40 3073997000:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1433377982 Timeout : 7200 (sec) Verify return code: 0 (ok) --- 

我试过openssl s_client -connect node.inkive.com:8082 -tls1_2 -servername node.inkive.com ,这里是我得到的答案:

 CONNECTED(00000003) 3074009288:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40 3074009288:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1433466977 Timeout : 7200 (sec) Verify return code: 0 (ok) --- 

顺便说一下,为了保持服务器的运行,它使用forever包(v0.14.1)运行。

可用的密码:

 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 

输出为openssl s_client -connect node.inkive.com:8082 -tls1 -cipher "ECDHE-RSA-AES256-GCM-SHA384" -servername node.inkive.com

 CONNECTED(00000003) 3073722568:error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available:s3_clnt.c:757: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1433512430 Timeout : 7200 (sec) Verify return code: 0 (ok) --- 

顺便说一下,作为一个附属问题,除了http成为socket.io/socket.io.js文件的请求的一个https,我必须得到为了创build连接,还有什么我将不得不更改为可以在我的网站上使用这个包?

谢谢。

       

网上收集的解决方案 "SSL握手使用node.js服务器"

这是怎么回事

 $ openssl s_client -connect node.inkive.com:8082 -tls1 -servername node.inkive.com -cipher 'HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4' -debug CONNECTED(00000003) write to 0x7fbb02c23bb0 [0x7fbb0301cc03] (220 bytes => 220 (0xDC)) 0000 - 16 03 01 00 d7 01 00 00-d3 03 01 1e 9d af 6b 4b ..............kK 0010 - ea d5 6c 84 44 b0 13 c5-77 ad 3c 98 4a 50 b3 19 ..lD..w.<.JP.. 0020 - 5c 84 d4 5e ae 58 dc 76-61 f0 9f 00 00 42 c0 14 \..^.X.va....B.. 0030 - c0 0a 00 39 00 38 00 37-00 36 00 88 00 87 00 86 ...9.8.7.6...... 0040 - 00 85 c0 0f c0 05 c0 13-c0 09 00 33 00 32 00 31 ...........3.2.1 0050 - 00 30 00 45 00 44 00 43-00 42 c0 0e c0 04 c0 12 .0.EDCB..... 0060 - c0 08 00 16 00 13 00 10-00 0d c0 0d c0 03 00 ff ................ 0070 - 02 01 00 00 67 00 00 00-14 00 12 00 00 0f 6e 6f ....g.........no 0080 - 64 65 2e 69 6e 6b 69 76-65 2e 63 6f 6d 00 0b 00 de.inkive.com... 0090 - 04 03 00 01 02 00 0a 00-3a 00 38 00 0e 00 0d 00 ........:.8..... 00a0 - 19 00 1c 00 0b 00 0c 00-1b 00 18 00 09 00 0a 00 ................ 00b0 - 1a 00 16 00 17 00 08 00-06 00 07 00 14 00 15 00 ................ 00c0 - 04 00 05 00 12 00 13 00-01 00 02 00 03 00 0f 00 ................ 00d0 - 10 00 11 00 23 00 00 00-0f 00 01 01 ....#....... read from 0x7fbb02c23bb0 [0x7fbb03018603] (5 bytes => 5 (0x5)) 0000 - 15 03 01 00 02 ..... read from 0x7fbb02c23bb0 [0x7fbb03018608] (2 bytes => 2 (0x2)) 0000 - 02 28 .( 140735193977308:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1461:SSL alert number 40 140735193977308:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:645 

阅读15 03 01 00 02是TLSlogging。 它是什么携带的TLS有效载荷。 03 01是TLS版本。 00 02是有效载荷的长度。

接下来的两个字节是有效载荷,这是警报。 02是警报, 28是警报号码,是40。

警报40是握手失败 。 根据RFC 5246发送:

7.4.1.3。 服务器你好

当这封邮件将被发送时:

  The server will send this message in response to a ClientHello message when it was able to find an acceptable set of algorithms. If it cannot find such a match, it will respond with a handshake failure alert. 

我不想回答有问题的问题,但是在服务器上启用了哪些协议和密码套件?


相关的, node.js文档像这样创build一个HTTPS服务器:

 var https = require('https'); var fs = require('fs'); var options = { key: fs.readFileSync('/path/to/the/certificates/cert-test/srv.key'), cert: fs.readFileSync('/path/to/the/certificates/cert-test/crt.pem'), }; https.createServer(options, function (req, res) { res.writeHead(200); res.end("hello world\n"); }).listen(8082); 

你应该尝试一下,因为它是创build一个官方的方式。 function(request, response){...}).listen(8082)对我来说看起来很奇怪。


编辑

可用的密码:

 ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:... ... EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 

使用"HIGH:!aNULL:!kRSA:!MD5:!RC4:!PSK:!SRP:!DSS:!DSA" 。 它会让你整数和椭圆曲线Diffie-Hellman,并避免浏览器中的过时encryption警告 。

另外,除非您实际使用SRP和PSK,否则请勿启用SRP和PSK。 除非您有DSS / DSA密钥,否则不要启用DSS 。 而且你需要一个aNULL因为OpenSSL默认启用了匿名协议。 并且不要启用这些出口等级密码套件( EXP )。 对于这个问题,不要启用MEDIUMLOW 。 所有现代的用户代理都不会遇到任何问题。

使用上面的string,这里是您启用的密码:

 $ openssl ciphers -v 'HIGH:!aNULL:!kRSA:!MD5:!RC4:!PSK:!SRP:!DSS:!DSA' ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256 DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1 DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1 DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256 DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1 DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1 DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1 ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1 DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1 ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1 

只是想提醒你,没有response.writeHeader()方法,它应该是response.writeHead()。 ref: https : //nodejs.org/api/http.html#http_response_writehead_statuscode_statusmessage_headers