curl:(35)错误:1407742E:SSL例程:SSL23_GET_SERVER_HELLO:tlsv1警报协议版本

问题描述 投票:0回答:4

我正在尝试使用

curl
,但遇到以下问题:

# curl -v --cacert ./ca.crt --key ./private/X.key --cert ./issued/X.crt https://X.X.X
* Rebuilt URL to: https://X.X.X/
*   Trying X.X.X.X...
* TCP_NODELAY set
* Connected to X.X.X (X.X.X.X) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: ./ca.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
# 
# curl --version
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2s zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL 
#

请指教。

curl
4个回答
20
投票

当我愚蠢地使用 

https
而不是 
http
进行测试时,我遇到了同样的错误 
localhost

curl -X GET -H "Content-Type: application/json" https://localhost:8000/api/search
                                                    ^
                                                    ¯\_(ツ)

希望这对看到这篇文章的人有所帮助。

4
投票

我还尝试从另一个环境运行相同的curl命令(相同的结果):

# curl --version
curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1t zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP 
# cat /etc/debian_version 
8.11
#

但是从另一个环境运行没有任何问题:

$ curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL 
$ cat /etc/debian_version 
kali-rolling
$

所有环境都使用适用于操作系统的最新(最新)版本的curl/openssl 软件包。

我相信这与旧版本的curl和/或openssl不支持最新的tlsv1.3有关,因为工作环境是这样的:

$ curl --help | grep -- --tlsv1.3
     --tlsv1.3       Use TLSv1.3 or greater
$
0
投票

我在 localhost:3002 端口测试 socket.io 时也遇到了同样的问题。我的问题是 https 而不是 http。我将 https 更改为 http 并且有效。

我的错误命令是:curl "https://localhost:3002/socket.io/?EIO=4&transport=polling"

我的正确命令是:curl "http://localhost:3002/socket.io/?EIO=4&transport=polling"

0
投票

sudo curl -o /etc/yum.repos.d/newrelic-infra.repo https://download.newrelic.com/infrastruction_agent/linux/yum/el/7/x86_64/newrelic-infra.repo

错误 卷曲:(35)错误:1407742E:SSL例程:SSL23_GET_SERVER_HELLO:tlsv1警报协议版本

我有同样的错误,但我解决了它

wget --no-check-certificate https://download.newrelic.com/infrastruction_agent/linux/yum/el/7/x86_64/newrelic-infra.repo

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.