连接重置连接 - 打开URL时SSL_connect

时间:2015-01-14 04:48:43

标签: ruby-on-rails ssl

我正在尝试从BingAds网址下载.zip文件,并且正在努力绕过此错误:

Connection reset by peer - SSL_connect

我目前正在通过另一个应用程序在生产中运行此代码,但我正在使用nitrous.io在chromebook上运行新应用程序并运行默认的rails安装(亚硝基盒)。

目前在其他应用中使用的代码:

class BingApi
  def self.get_data(request_params={})
    require 'zip'

    #Acquire Bing report download URL
    report_url = BingApi.acquire_report_url(report_request_id, request_params)

    zip_file = open(report_url)

    unzippedxml = Zip::File.open(zip_file)                      # open zip
    entry = unzippedxml.entries.reject(&:directory?).first      # take first non-directory
    entry.get_input_stream{|is| is.read }          # read file contents
  end

report_url看起来像:https://download.api.bingads.microsoft.com/ReportDownload/Download.aspx?q=cWmkJ72lVlzGEG%2fouLL8Xes2j6I5qVhLrnTqNIrW ....

访问时,会提示下载.zip文件,我解压缩然后再解析。

然而,使用nitrous box的chromebook上的相同代码给我Connection reset by peer - SSL_connect错误

Errno::ECONNRESET - Connection reset by peer - SSL_connect:                                                                                                                                                                                          
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'                                                                                                                                                    
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/timeout.rb:76:in `timeout'                                                                                                                                                               
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:920:in `connect'                                                                                                                                                             
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:863:in `do_start'                                                                                                                                                            
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/net/http.rb:852:in `start'                                                                                                                                                               
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:313:in `open_http'                                                                                                                                                           
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:724:in `buffer_open'                                                                                                                                                         
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:210:in `block in open_loop'                                                                                                                                                  
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:208:in `open_loop'                                                                                                                                                           
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:149:in `open_uri'                                                                                                                                                            
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:704:in `open'                                                                                                                                                                
  /home/action/.parts/packages/ruby2.1/2.1.1/lib/ruby/2.1.0/open-uri.rb:34:in `open'                                                                                                                                                                 
  lib/bing_api.rb:25:in `get_data'                                                                                                                                                                                                                   
  lib/bing_api.rb:224:in `get_and_parse'   

我一直在尝试各种不同的解决方案:

zip_file = open(report_url, :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)

OR

zip_file = Faraday.get(report_url, :ssl => false)

最后我通过使用:

来绕过它
uri = URI.parse(report_url)
https = Net::HTTP.new(uri.host, uri.port)
https.open_timeout = 5
https.use_ssl = true
https.ssl_version = 'SSLv3'
request = Net::HTTP::Get.new(uri.request_uri)
zip_file = https.request(request)

但我无法将zip_file传递给unzippedxml = Zip::File.open(zip_file),或者我收到no implicit conversion of Net::HTTPOK into String TypeError。

我在这里错过了一些简单的东西吗?我应该使用zip_file.class => Net::HTTPOK对象做些不同的事情吗?

我尝试调用zip_file.body但是如果您在解压缩之前尝试在编辑器中打开压缩文件,那么返回的内容就像您所看到的那样。

1 个答案:

答案 0 :(得分:4)

服务器坏了。

它仅支持显式TLS1.0和SSL3.0握手,不支持常用和最兼容的SSLv23握手。即使使用明确的TLS1.0握手,如果包含错误或过多的密码,它也会失败。 analyze.pl的相关输出:

* version SSLv23, no verification, ciphers= -> FAIL! SSL wants a read first
* version SSLv23, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers= -> FAIL! SSL wants a read first
* version TLSv1_2, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1_1, no verification, ciphers= -> FAIL! SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
* version TLSv1_1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version TLSv1 no verification, ciphers= -> TLSv1,AES256-SHA
* version TLSv1, no verification, ciphers=HIGH:ALL -> FAIL! SSL wants a read first
* version SSLv3 no verification, ciphers= -> SSLv3,AES256-SHA
* version SSLv3 no verification, ciphers=HIGH:ALL -> SSLv3,AES256-SHA
* supported SSL versions with handshake used and preferred cipher(s):
  * handshake protocols ciphers
  * SSLv23    FAILED: SSL wants a read first 
  * TLSv1_2   FAILED: SSL wants a read first 
  * TLSv1_1   FAILED: SSL connect attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number SSL wants a read first 
  * TLSv1     TLSv1     AES256-SHA
  * SSLv3     SSLv3     AES256-SHA

在这里可以看到SSLv23,TLSv1_2和TLSv1_1握手不起作用,并且TLSv1握手确实有效,但如果密码为HIGH则不行:所有(可能包含太多密码或可能包含意外密码)。然后SSLv3握手可以稳定工作。

浏览器通过尝试多次同时缓慢降级握手中使用的SSL / TLS协议版本来解决此类行为。但除了浏览器之外,其他任何人都没有这样做。因此,除非专门配置为对此服务器使用TLS1.0或SSL3.0握手,否则任何其他应用程序通常都会失败。

  

但是我无法将zip_file传递给unzippedxml = Zip :: File.open(zip_file),或者我没有将Net :: HTTPOK隐式转换为String TypeError。

至少您提供的网址只返回404未找到。请检查您是否确实获得了ZIP文件。我不知道这个服务器,但通常这些下载链接是动态创建的,并且只有在你之前访问过其他网站并在那里获得cookie或类似的东西将URL绑定到浏览器会话时才有效。 / p>