[英]SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)
When I ran https.ssl_version = :TLSv1_2
当我运行https.ssl_version = :TLSv1_2
I got the error 我收到了错误
ruby/2.1.0/net/http.rb:920:in `connect':
SSL_connect returned=1 errno=0 state=SSLv3 read server hello A:
wrong version number (OpenSSL::SSL::SSLError)
Whe I changed to https.ssl_version = :SSLv3
我改为https.ssl_version = :SSLv3
ruby/2.1.0/net/http.rb:920:in `connect':
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A
(OpenSSL::SSL::SSLError)
But I can do it without any error by rest client 但是我可以在没有任何错误的情况下做到这一点
resp = RestClient.post(server_url, content, header)
The ssl connection is make me confused so much. ssl连接让我很困惑。
The problem both on macos and ubuntu 14.04 macos和ubuntu 14.04上的问题
Check my SSL parameters 检查我的SSL参数
irb
在默认的Ruby下由irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}
{
:ssl_version => "SSLv23",
:verify_mode => 1,
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
:options => -2147482625
}
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
I changed the method by `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=method`
:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
If you set the ssl_version
to TLSv1_2
and the server does not support that version then you will see this error (same for SSLv3
). 如果将ssl_version
设置为TLSv1_2
并且服务器不支持该版本,那么您将看到此错误(对于SSLv3
)。
My guess is that RestClient probably just uses Ruby's default SSLv23
. 我的猜测是RestClient可能只使用Ruby的默认SSLv23
。 If that version is supported by the server it might just work. 如果服务器支持该版本,它可能正常工作。
Check the default for your Ruby version like this: 检查Ruby版本的默认值,如下所示:
require 'openssl'
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
# => {
# => :ssl_version => "SSLv23",
# => :verify_mode => 1,
# => :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
# => :options => -2147482625
# => }
If https.ssl_version = :TLSv1_2
does not work then I would try other versions. 如果https.ssl_version = :TLSv1_2
不起作用,那么我会尝试其他版本。
You can get a list of all available versions in your Ruby with: 您可以在Ruby中获得所有可用版本的列表:
OpenSSL::SSL::SSLContext::METHODS
I would start with: 我会从:
https.ssl_version = 'SSLv23'
Or you may want to ask the owner of the server which versions are supported. 或者您可能想要询问服务器的所有者支持哪些版本。
When I ran https.ssl_version = :TLSv1_2
...
https.ssl_version = :SSLv3
Any peer supporting only TLS1.0 or TLS1.1 will not work with both of these tests, because the offered version is either too high or too low. 任何仅支持TLS1.0或TLS1.1的对等体都不能同时使用这两种测试,因为提供的版本太高或太低。 It is better to leave the default to SSLv23 handshake but explicitly disable SSLv3. 最好将默认值保留为SSLv23握手,但明确禁用SSLv3。
To do this you need to fiddle with the options and add SSL_OP_NO_SSLv3
, see https://stackoverflow.com/a/24237525/3081018 要做到这一点,你需要摆弄选项并添加SSL_OP_NO_SSLv3
,请参阅https://stackoverflow.com/a/24237525/3081018
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.