我正在尝试使用
curl
,但遇到以下问题:
# curl -v --cacert ./ca.crt --key ./private/X.key --cert ./issued/X.crt https://X.X.X
* Rebuilt URL to: https://X.X.X/
* Trying X.X.X.X...
* TCP_NODELAY set
* Connected to X.X.X (X.X.X.X) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: ./ca.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
#
# curl --version
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2s zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
#
请指教。
当我愚蠢地使用
https
而不是 http
进行测试时,我遇到了同样的错误 localhost
curl -X GET -H "Content-Type: application/json" https://localhost:8000/api/search
^
¯\_(ツ)
希望这对看到这篇文章的人有所帮助。
我还尝试从另一个环境运行相同的curl命令(相同的结果):
# curl --version
curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1t zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP
# cat /etc/debian_version
8.11
#
但是从另一个环境运行没有任何问题:
$ curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
$ cat /etc/debian_version
kali-rolling
$
所有环境都使用适用于操作系统的最新(最新)版本的curl/openssl 软件包。
我相信这与旧版本的curl和/或openssl不支持最新的tlsv1.3有关,因为工作环境是这样的:
$ curl --help | grep -- --tlsv1.3
--tlsv1.3 Use TLSv1.3 or greater
$
我在 localhost:3002 端口测试 socket.io 时也遇到了同样的问题。我的问题是 https 而不是 http。我将 https 更改为 http 并且有效。
我的错误命令是:curl "https://localhost:3002/socket.io/?EIO=4&transport=polling"
我的正确命令是:curl "http://localhost:3002/socket.io/?EIO=4&transport=polling"
sudo curl -o /etc/yum.repos.d/newrelic-infra.repo https://download.newrelic.com/infrastruction_agent/linux/yum/el/7/x86_64/newrelic-infra.repo
错误 卷曲:(35)错误:1407742E:SSL例程:SSL23_GET_SERVER_HELLO:tlsv1警报协议版本
我有同样的错误,但我解决了它
wget --no-check-certificate https://download.newrelic.com/infrastruction_agent/linux/yum/el/7/x86_64/newrelic-infra.repo