握手失败:SSL警报编号40

时间:2018-12-28 22:38:00

标签: ssl curl web-scraping openssl scrapy

我正在尝试抓取页面但没有成功:

>> scrapy shell "XXXXXX"
...
2018-12-28 17:23:32 [scrapy.downloadermiddlewares.retry] DEBUG: Retrying <GET XXXXXXXX> (failed 1 times): [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]
2018-12-28 17:23:32 [scrapy.downloadermiddlewares.retry] DEBUG: Retrying <GET XXXXXXXXXXXXX> (failed 2 times): [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]
2018-12-28 17:23:33 [scrapy.downloadermiddlewares.retry] DEBUG: Gave up retrying <GET XXXXXXXXXXXXXXXXX> (failed 3 times): [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]
Traceback (most recent call last):
  File "/home/joaquin/Repos/extruct/env/bin/scrapy", line 11, in <module>
    sys.exit(execute())
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/cmdline.py", line 150, in execute
    _run_print_help(parser, _run_command, cmd, args, opts)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/cmdline.py", line 90, in _run_print_help
    func(*a, **kw)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/cmdline.py", line 157, in _run_command
    cmd.run(args, opts)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/commands/shell.py", line 73, in run
    shell.start(url=url, redirect=not opts.no_redirect)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/shell.py", line 48, in start
    self.fetch(url, spider, redirect=redirect)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/scrapy/shell.py", line 115, in fetch
    reactor, self._schedule, request, spider)
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/twisted/internet/threads.py", line 122, in blockingCallFromThread
    result.raiseException()
  File "/home/joaquin/Repos/extruct/env/lib/python3.7/site-packages/twisted/python/failure.py", line 467, in raiseException
    raise self.value.with_traceback(self.tb)
twisted.web._newclient.ResponseNeverReceived: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')]>]

尝试建立SSL连接时:

>> openssl s_client XXXXX.XXXX.XXXX:443
CONNECTED(00000003)
140087350686208:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
--- 

当我尝试使用curl进行此页面操作时,也是如此:

curl -i XXXX.XXXX.XXXX
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

我尝试在-servername中指定openssl,但这不能解决问题。尝试指定-tls1_2也不起作用。 TLS信息:

TLS INFO

更新

>> openssl version
OpenSSL 1.1.1a  20 Nov 2018

1 个答案:

答案 0 :(得分:0)

在搜索完全相同的问题时找到了您的问题(curl成功连接,而openssl失败,alert number 40)。

这可能与具有多个要服务的虚拟主机的服务器有关,并且您需要告诉您要连接到哪个主机,才能使TLS握手成功。

使用-servername参数指定所需的确切主机名。例如:

openssl s_client -connect yourserver.domain.com:443 -servername  yourserver.domain.com