与在 RedHat 上使用 curl 相关的未知 SSL 协议错误

【问题标题】:Unknown SSL protocol error in connection to using curl on RedHat与在 RedHat 上使用 curl 相关的未知 SSL 协议错误
【发布时间】:2017-10-25 18:39:16
【问题描述】:

请看下面的输出。我只是想在 RedHat Enterprise Server 6.9 上使用 curl 7.52.1 访问该网站。

[root@fti ~]# curl -v https://testweb.dms.com

* Rebuilt URL to: https://testweb.dms.com/
*   Trying 12.121.156.219...
* TCP_NODELAY set
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /root/anaconda3/ssl/cacert.pem
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to testweb.dms.com:443
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to testweb.dms.com:443

openssl 工作正常。

[root@fti ~]# openssl s_client -connect testweb.dms.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1508957433
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

卷曲 -V O/P

curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

作为非root用户

[denimi@fti ~]$ curl -v https://testweb.dms.com
* About to connect() to testweb.dms.com 443 (#0)
*   Trying 12.121.156.219... connected
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

我该如何解决这个问题?

【问题讨论】:

  • 你能试试curl -qv https://testweb.dms.com吗?并添加curl -V 输出?
  • curl -qv 给出相同的 o/p。并添加 curl -v。
  • 你故意设置/root/anaconda3/ssl/cacert.pem?您是否尝试过以非 root 用户身份运行 curl?
  • 问题已更新。
  • this 有帮助吗?

标签: ssl curl https redhat tls1.2


【解决方案1】:

尝试使用特定协议或密码套件进行连接。似乎 curl 提供的协议不被服务器接受。

试试这个:

curl --tlsv1.2 https://testweb.dms.com

【讨论】:

    猜你喜欢
    • 2014-11-24
    • 1970-01-01
    • 2014-12-16
    • 2017-10-02
    • 1970-01-01
    • 1970-01-01
    • 2015-05-17
    • 2011-03-15
    • 2014-11-29
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode