我正在Docker Alpine映像中编写一个简单的Web搜寻器。但是,我无法将HTTPS请求发送到仅支持TLS1.0的服务器。如何配置Alpine linux以允许过时的TLS版本?
我尝试将MinProtocol添加到/etc/ssl/openssl.cnf并没有运气。
Dockerfile示例:
FROM node:12.0-alpine
RUN printf "[system_default_sect]\nMinProtocol = TLSv1.0\nCipherString = DEFAULT@SECLEVEL=1" >> /etc/ssl/openssl.cnf
CMD ["/usr/bin/wget", "https://www.restauracesalanda.cz/"]
构建并运行此容器时,我得到
Connecting to www.restauracesalanda.cz (93.185.102.124:443)
ssl_client: www.restauracesalanda.cz: handshake failed: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
wget: error getting response: Connection reset by peer
答案 0 :(得分:0)
我可以使用内置的busybox-wget重现您的问题。但是,使用“常规” wget可以:
root@a:~# docker run --rm -it node:12.0-alpine /bin/ash
/ # wget -q https://www.restauracesalanda.cz/; echo $?
ssl_client: www.restauracesalanda.cz: handshake failed: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
wget: error getting response: Connection reset by peer
1
/ # apk add wget
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/1) Installing wget (1.20.3-r0)
Executing busybox-1.29.3-r10.trigger
OK: 7 MiB in 17 packages
/ # wget -q https://www.restauracesalanda.cz/; echo $?
0
/ #
我不确定,但是也许您应该在https://bugs.alpinelinux.org上发布问题
答案 1 :(得分:0)
将这个神奇的 1 班轮放入我的 dockerfile 解决了我的问题,我能够使用 TLS 1.0:
=TEXTJOIN(",",,REPT(TableOne[Project ID],([@Each Date in a year]>=TableOne[Start Date])*(@Each Date in a year]<=TableOne[End Date])))
归功于这个家伙:http://blog.travisgosselin.com/tls-1-0-1-1-docker-container-support/