我在GCP SSL代理负载平衡器（https://cloud.google.com/load-balancing/docs/ssl/）后面有一个简单的python SSL服务器，该服务器是按照文档（https://cloud.google.com/load-balancing/docs/ssl/setting-up-ssl/）设置的，例外情况是该服务器在一个示例组中的单个节点上运行。GCP SSL代理可以连接到服务器，因为我看到服务器打印了很多空的健康检查请求。节点名www.example.com的DNSmypocketxp.com指向我附加到代理转发规则的静态IP。当我与下面的客户端连接或使用“openssl s_client -connect mypocketxp.com：443”连接时，服务器崩溃，并显示

Traceback (most recent call last):
  File "./server3.py", line 13, in <module>
    sslsoc = context.wrap_socket(newsocket, server_side=True)
  File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:877)

当我从等式中删除代理，更改DNS条目以直接指向运行服务器的节点，并将自签名证书和密钥替换为www.example.com的受信任CA颁发的证书和密钥时mypocketxp.com，我可以毫无问题地连接。
所以看起来是从SSL代理到服务器的连接导致了这个问题，但我不知道为什么。
任何帮助都是感激不尽的。谢谢你调查这件事

伺服器

#!/usr/bin/python3
import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.load_cert_chain(certfile="/home/adittmer/selfsigned.pem", keyfile="/home/adittmer/selfsigned.key")

bindsocket = socket.socket()
bindsocket.bind(('', 443))
bindsocket.listen(5)

while True:
    newsocket, fromaddr = bindsocket.accept()
    sslsoc = context.wrap_socket(newsocket, server_side=True)
    request = sslsoc.read()
    print(request)

客户端

#!/usr/bin/python3

import socket
import ssl

server_name = 'mypocketxp.com'
server_port = 443

context = ssl.create_default_context()
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations("/etc/ssl/certs/DST_Root_CA_X3.pem")
conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=server_name)
conn.connect((server_name, server_port))

conn.send(b"Hello, world!")
conn.close()