On RedHat

Time: 2017-10-25 18:39:17

Tags: ssl curl https redhat tls1.2

Please see the output below. I am just trying to access the website using curl 7.52.1 on RedHat Enterprise Server 6.9.

[root@fti ~]# curl -v https://testweb.dms.com

* Rebuilt URL to: https://testweb.dms.com/
*   Trying 12.121.156.219...
* TCP_NODELAY set
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /root/anaconda3/ssl/cacert.pem
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to testweb.dms.com:443
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to testweb.dms.com:443

openssl works fine.

[root@fti ~]# openssl s_client -connect testweb.dms.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1508957433
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

curl -V O/P

curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

As a non-root user

[denimi@fti ~]$ curl -v https://testweb.dms.com
* About to connect() to testweb.dms.com 443 (#0)
*   Trying 12.121.156.219... connected
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

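How can I resolve this issue?

1 answer:

Answer 0: (score: 1)

Try connecting with a specific protocol or cipher suite. It seems the server does not accept the protocol offered by curl.

Try this: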

curl --tlsv1.2 https://testweb.dms.com
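
An added example, not part of the original question or answer: a shell helper that classifies `openssl s_client` output and probes one protocol version at a time. It helps separate a version mismatch from a connection reset before any ServerHello (`errno=104`, 0 bytes read). The function names are hypothetical; one sample reuses lines from the output quoted in the question, the other is constructed.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Read `openssl s_client` output on stdin and print the handshake outcome:
#   ok      a cipher suite was negotiated
#   reset   peer reset the TCP connection (errno=104 is ECONNRESET)
#   alert   server rejected the ClientHello with a TLS alert
#   failed  no cipher negotiated, cause not identified
classify_handshake() {
    ch_out=$(cat)
    case $ch_out in
        *'Cipher is '[A-Za-z0-9]*) echo ok ;;
        *errno=104*) echo reset ;;
        *'alert handshake failure'*|*'alert protocol version'*) echo alert ;;
        *) echo failed ;;
    esac
}

# Try each protocol version separately against host:port and report the outcome.
# Uses only s_client flags present in OpenSSL 1.0.2 (the build shown in the question).
# Usage: probe_versions testweb.dms.com:443
probe_versions() {
    for pv_flag in -tls1 -tls1_1 -tls1_2; do
        printf '%-8s ' "$pv_flag"
        openssl s_client -connect "$1" -servername "${1%%:*}" "$pv_flag" \
            </dev/null 2>&1 | classify_handshake
    done
}

# Excerpt of the s_client output quoted in the question.
sample_from_question() {
    printf '%s\n' 'CONNECTED(00000003)' 'write:errno=104' \
        'SSL handshake has read 0 bytes and written 307 bytes' \
        'New, (NONE), Cipher is (NONE)'
}

# Constructed sample of a completed handshake, for comparison.
sample_completed() {
    printf '%s\n' 'CONNECTED(00000003)' \
        'New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
}
```

If every version reports `reset`, the connection is being dropped before TLS negotiation can fail on protocol or cipher, so a middlebox or server-side filter is worth checking alongside the client settings.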