curl给出响应200,但在SSL握手后,openssl s_client给出超时

时间:2018-10-25 12:59:24

标签: curl openssl amazon-elb

我在使用openssl软件包从ELB获取响应时遇到问题。

卷曲效果很好:

$ curl -iv https://example.com/isActive
* TCP_NODELAY set
* Connected to example.com (*.*.*.*) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

> GET /isActive HTTP/1.1
> Host: example.com
> User-Agent: curl/7.53.1
> Accept: */*
> 
< HTTP/1.1 200 
HTTP/1.1 200 
< Access-Control-Allow-Headers: origin, content-getMessageType, accept, x-requested-with
Access-Control-Allow-Headers: origin, content-getMessageType, accept, x-requested-with
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Origin: 
Access-Control-Allow-Origin: 
< Cache-Control: no-cache,no-store,max-age=0
Cache-Control: no-cache,no-store,max-age=0
< Date: Thu, 25 Oct 2018 12:48:26 GMT
Date: Thu, 25 Oct 2018 12:48:26 GMT
< Content-Length: 6
Content-Length: 6
< Connection: keep-alive
Connection: keep-alive
< 
* Connection #0 to host example.com left intact
ACTIVE

但是当我使用openssl包并尝试键入任何HTTP方法时,我收到了超时错误:

$ openssl s_client -connect example.com:443
CONNECTED(00000003)
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3205 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 0CED79628CFCF32462EEF5086AD38
    Session-ID-ctx: 
    Master-Key: 2ADB0E064422DFBAAAF704B17A1D3
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1540472141
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

GET /isActive
HTTP/1.1 408 REQUEST_TIMEOUT
Content-Length:0
Connection: Close

closed

什么可能导致此问题?我也尝试传递保持活动的标头,但仍然没有运气。谢谢!

1 个答案:

答案 0 :(得分:0)

需要将-crlf传递给命令:

openssl s_client -crlf -connect example.com:443