OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A

The code below yields the following error: OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A

require 'net/https'
uri = URI.parse("https://<server>.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = 'SSLv3'
http.get(uri.request_uri)

Any idea why? I tried everything mentioned in all other questions, still no luck.

  • Ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-darwin13.3.0]
  • OpenSSL 0.9.8y 5 Feb 2013

Update I

Tried the following:

  • Ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-darwin13.3.0]
  • OpenSSL 1.0.1i 6 Aug 2014

Update II

  • Forced ssl_version to :TLSv1_2

Still no luck.

Update III

Alright, here's the final code - thanks to Steffen (see answer below):

require 'net/https'
uri = URI.parse("https://<server>.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.ciphers = ['RC4-SHA']
http.get(uri.request_uri)

I doubt that my question will be relevant to anyone else since it was related to a remote misconfigured server.

This is a problem at the server site. It looks like the server is exclusively accepting TLS 1.2 and does not show the usual behavior when the client requests something lesser (like downgrading or sending an SSL alert) but instead just closes the connection.

TLS 1.2 is not supported by OpenSSL 0.9.8 and additionally your code enforces SSLv3. You get TLS 1.2 only when upgrading to OpenSSL 1.0.1.

Some browsers will also fail to connect to this server, even if they have ways to work around such broken servers. But while Firefox will only try to downgrade the connection to a lesser SSL version (which often helps), Chrome manages to connect with TLS 1.2.

Edit: I've analyzed the issue further and now I cannot get a connection with TLS1.2 anymore but I can get a connection with TLS1.0 or SSL3.0, but only if the cipher is hard-coded to RC4-SHA. I've tried others like AES128-SHA or DES-CBC3-SHA and they don't work. So while it looks like a really messed up system explicitly setting

http.ssl_version = 'TLSv1'       # or SSLv3, but TLSv1 is better
http.ciphers = ['RC4-SHA']

should work. I'm not a Ruby user so the exact syntax might differ, but I've tested with OpenSSL s_client.
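The version-by-version, cipher-by-cipher check the answer describes doing by hand with OpenSSL s_client, as an added Ruby example that is not part of the original answer. The names `classify_handshake_error`, `probe` and `probe_matrix` are made up for this example; it assumes a Ruby whose openssl library provides `min_version=`/`max_version=` (Ruby 2.5 or later), and the local OpenSSL build may itself refuse old versions or RC4.

```ruby
require 'openssl'
require 'socket'
require 'timeout'

# Classify the message of an OpenSSL::SSL::SSLError raised by Ruby's openssl binding.
# returned= is the SSL_get_error() code: 1 = SSL_ERROR_SSL, 5 = SSL_ERROR_SYSCALL.
def classify_handshake_error(message)
  m = message.strip.match(/returned=(\d+) errno=(\d+)(?: peeraddr=\S+)? state=([^:]+?)(?::\s*(.+))?\z/)
  return :unrecognized unless m
  code, errno, reason = m[1].to_i, m[2].to_i, m[4].to_s
  # SYSCALL with errno=0 means EOF: the peer closed the socket without sending a TLS alert.
  # OpenSSL 3.x reports the same event as returned=1 with "unexpected eof while reading".
  return :peer_closed_without_alert if (code == 5 && errno.zero?) || reason.include?('unexpected eof')
  return :socket_error if code == 5
  return :tls_alert if reason.include?('alert')
  return :certificate_rejected if reason.include?('certificate verify failed')
  :protocol_error
end

# One handshake pinned to a single protocol version and, optionally, one cipher string.
# Certificate verification is left at the SSLContext default (off): this probe only
# diagnoses negotiation and must not be reused to send application data.
def probe(host, port, version, ciphers = nil, timeout = 5)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = version
  ctx.max_version = version
  ctx.ciphers = ciphers if ciphers
  tcp = Socket.tcp(host, port, connect_timeout: timeout)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host # send SNI
  Timeout.timeout(timeout) { ssl.connect }
  [:ok, "#{ssl.ssl_version} #{ssl.cipher[0]}"]
rescue OpenSSL::SSL::SSLError => e
  [classify_handshake_error(e.message), e.message]
rescue SystemCallError, SocketError, Timeout::Error => e
  [:socket_error, e.message]
ensure
  tcp&.close
end

# Try every version/cipher pair; nil means "the local OpenSSL default cipher list".
def probe_matrix(host, port = 443, versions = %i[TLS1 TLS1_1 TLS1_2],
                 cipher_lists = [nil, 'AES128-SHA', 'DES-CBC3-SHA', 'RC4-SHA'])
  versions.product(cipher_lists).map do |v, c|
    [v, c || 'default', *probe(host, port, v, c)]
  end
end
```

Calling `probe_matrix` with the server's host name returns one row per combination; rows marked `:peer_closed_without_alert` are the silent connection close described in the answer, as opposed to a proper TLS alert.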

Solution is to upgrade to openssl 1.0.2g-1ubuntu4.6 (from 1.0.1f-1ubuntu2.21) (e.g. from cedar-14 to heroku-16 stack).

heroku stack:set heroku-16 -a your-app

And in app.json:

{
  ...
  "stack": "heroku-16",
  ...
}

In my case, the problem was the MTU size!
