Curl
如何修復 Gentoo 上的 curl sslv3 警報握手失敗?
我正在嘗試使用這樣的 cURL 打開一個網站:
$ curl -vH "Accept: application/json" https://www.rocketleaguereplays.com/api/replays/-1/輸出是:
* Trying 104.24.114.83... * Connected to www.rocketleaguereplays.com (104.24.114.83) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Unknown (21): * TLSv1.2 (IN), TLS alert, Server hello (2): * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure * Closing connection 0 * TLSv1.2 (OUT), TLS alert, Client hello (1): curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure我安裝了 Linux 核心 4.4.0 和最新的 cURL 版本:
$ curl -V curl 7.47.1 (x86_64-pc-linux-gnu) libcurl/7.47.1 OpenSSL/1.0.2f zlib/1.2.8 c-ares/1.10.0 nghttp2/1.6.0 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM SSL libz TLS-SRP HTTP2 UnixSockets我怎樣才能解決這個問題?在 Ubuntu 上,它適用於 cURL 和相同的 URL。
基本上,https ://www.rocketleaguereplays.com 使用過時的加密 (SSL3),您可以使用 -k (–insecure) 開關強制 curl 連接到這樣的不安全站點。
試試這個:
curl -kvH "Accept: application/json" https://www.rocketleaguereplays.com/api/replays/-1/您也可以嘗試使用
-3aka--sslv3開關,但是,如果 curl 是在不支持 SSL3 的情況下建構的,那麼您需要編譯自己的 curl 版本,啟用 SSL3。編輯:操作人員發現了問題。
我對錯誤消息感到困惑。
這是gentoo中的一個錯誤:
https://bugs.gentoo.org/show_bug.cgi?id=531540
基本上,當您使用 bindist 標誌建構 openssl 時,將禁用 elyptic 曲線加密。該站點需要使用 Elyptic 曲線密碼學。
當我執行它時,我得到以下資訊:
`$ curl -vH “Accept: application/json” https://www.rocketleaguereplays.com/api/replays/-1/
- STATE: INIT => CONNECT handle 0x6000572d0; line 1090 (connection #-5000)
- Added connection 0. The cache now contains 1 members
- Trying 2400:cb00:2048:1::6818:7353…
- STATE: CONNECT => WAITCONNECT handle 0x6000572d0; line 1143 (connection #0)
- Connected to www.rocketleaguereplays.com (2400:cb00:2048:1::6818:7353) port 443 (#0)
- STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x6000572d0; line 1240 (connection #0)
- ALPN, offering http/1.1
- Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
- successfully set certificate verify locations:
- CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
- TLSv1.2 (OUT), TLS header, Certificate Status (22):
- TLSv1.2 (OUT), TLS handshake, Client hello (1):
- STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x6000572d0; line 1254 (connection #0)
- TLSv1.2 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (IN), TLS handshake, Server key exchange (12):
- TLSv1.2 (IN), TLS handshake, Server finished (14):
- TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Client hello (1):
- TLSv1.2 (OUT), TLS handshake, Finished (20):
- TLSv1.2 (IN), TLS change cipher, Client hello (1):
- TLSv1.2 (IN), TLS handshake, Finished (20):
- SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 <—- […]`
所以我的 curl 在這個站點上使用了 elyptic 曲線。