use*_*610 8 openssl libcurl sslv3 tls1.3
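curl fails with OpenSSL version 1.1.1d but works fine with OpenSSL/1.0.1t. I am trying to debug the cause but cannot find it.
Please find the following traces from the curl logs.
Failure case (curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d)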
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Success case. Uninstalled curl and installed curl version curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1t
* Connected to kafkaconnect-0.kc.default.svc.cluster.local (10.244.4.107) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-DSS-AES256-GCM-SHA384
* Server certificate:
* subject: CN=*.kc.default.svc.cluster.local.keystore.jks
* start date: 2021-04-16 17:01:03 GMT
* expire date: 2023-04-16 17:01:03 GMT
* issuer: CN=Red-Security-CA
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /connectors HTTP/1.1
> User-Agent: curl/7.38.0
Observations.
1. With older version, it was using SSLv3 and with latest version it is TLSv1.3
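One potential cause is that no compatible cipher is enabled for OpenSSL. In the successful case, it appears to work with DHE-DSS-AES256-GCM-SHA384. You can test that specific cipher with the other version of curl by adding the --ciphers command-line argument to curl.
For example: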
curl <yoursitehere> --ciphers DHE-DSS-AES256-GCM-SHA384
You can also see which ciphers are enabled for OpenSSL by looking at CipherString in the /etc/ssl/openssl.cnf file. Note that some are less secure/insecure, so they may have been removed.
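A way to compare the two traces above mechanically, as an added example that is not part of the original question or answer: the function reads `curl -v` output and reports the per-record label, the negotiated protocol and cipher from the `SSL connection using` line, the last handshake message seen, and any alert. The function names and the output format are assumptions made for this example; the sample traces are copied from the post.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a `curl -v` TLS trace.
# Reads the trace on stdin and prints four key=value lines.
tls_trace_summary() {
  awk '
    function after(line, marker) {       # text after marker, minus " (N):"
      sub(".*" marker, "", line); sub(/ \([0-9]+\):$/, "", line); return line
    }
    /^\* .*TLS handshake, / {
      label = $2; sub(/,$/, "", label)   # per-record label printed by curl
      last = after($0, "TLS handshake, ")
    }
    /^\* .*TLS alert, /         { alert = after($0, "TLS alert, ") }
    /^\* SSL connection using / { negotiated = after($0, "SSL connection using ") }
    END {
      print "record_label="   (label ? label : "none")
      print "negotiated="     (negotiated ? negotiated : "none")
      print "last_handshake=" (last ? last : "none")
      print "alert="          (alert ? alert : "none")
    }'
}

# Sample input: TLS lines copied from the two traces in the post.
failing_trace() {
cat <<'EOF'
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
EOF
}
working_trace() {
cat <<'EOF'
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-DSS-AES256-GCM-SHA384
EOF
}

# Live use (the trace is written to stderr):
#   curl -v <yoursitehere> 2>&1 | tls_trace_summary
```

On the working trace the summary shows `negotiated=TLSv1.2 / DHE-DSS-AES256-GCM-SHA384` while every record is labelled `SSLv3`, so the `SSL connection using` line is the one to read for the negotiated version.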