curl: (35) 首次请求时连接出现未知 SSL 协议错误
Posted
技术标签:
【中文标题】curl: (35) 首次请求时连接出现未知 SSL 协议错误【英文标题】:curl: (35) Unknown SSL protocol error in connection at first request 【发布时间】:2017-05-17 10:20:05 【问题描述】:我试图通过 xbox live Oauth2.0 对用户进行身份验证,但我遇到了这个错误,它只在第一次请求时出现(之后它工作了几分钟)。我已经尝试过使用--sslv*、--tlsv1、--ciphers,没有任何帮助。
vagrant@vagrant:~$ curl -v https://xsts.auth.xboxlive.com/xsts/authorize
* Hostname was NOT found in DNS cache
* Trying 134.170.178.199...
* Connected to xsts.auth.xboxlive.com (134.170.178.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to xsts.auth.xboxlive.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to xsts.auth.xboxlive.com:443
root@admin:~# curl -v https://xsts.auth.xboxlive.com/xsts/authorize
* Trying 134.170.179.106...
* Connected to xsts.auth.xboxlive.com (134.170.179.106) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 696 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: Error in the pull function.
* Closing connection 0
curl: (35) gnutls_handshake() failed: Error in the pull function.
本地机器和生产环境中的 CURL 和 OpenSSL 版本
vagrant@vagrant:~$ curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
root@admin:~# curl --version
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
任何帮助将不胜感激!
【问题讨论】:
我打赌这是一个 OpenSSL 错误。并且您的 OpenSSL vagrant 编译版本大约有 3 年历史。尝试更新到较新版本的 OpenSSL 并重新编译 curl 并重试? 我用最新版本的 OpenSSLvagrant@vagrant:~$ curl --version curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.1.0c Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP UnixSockets HTTPS-proxy
重新编译 curl 但仍然出现同样的错误
这很有趣。 ps,我的盒子上也出现了同样的错误:root@newratma1:~# curl -v https://xsts.auth.xboxlive.com/xsts/authorize * Trying 134.170.179.199... * Connected to xsts.auth.xboxlive.com (134.170.179.199) port 443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 692 certificates in /etc/ssl/certs * ALPN, offering h2 * ALPN, offering http/1.1 * gnutls_handshake() failed: Error in the push function. * Closing connection 0 curl: (35) gnutls_handshake() failed: Error in the push function.
也许是微软的错?
root@newratma1:~# curl --version curl 7.50.1 (x86_64-pc-linux-gnu) libcurl/7.50.1 GnuTLS/3.5.7 zlib/1.2.8 libidn/1.33 libssh2/1.7.0 nghttp2/1.17.0 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets
- wget 也失败了!
【参考方案1】:
我通过 http2 支持编译和安装 curl 来解决这个问题。
您可以使用此链接:https://askubuntu.com/questions/884899/how-do-i-install-curl-with-http2-support
【讨论】:
【参考方案2】:我不知道你的设置细节,但错误
未知的 SSL 协议错误
可能发生在以下情况,
服务器不喜欢使用的 SSL 协议 服务器和客户端无法找到密码协议(服务器和客户端之间的密码不匹配) 证书或密钥已过期在调试模式下尝试 openssl s_client 以了解更多信息
【讨论】:
以上是关于curl: (35) 首次请求时连接出现未知 SSL 协议错误的主要内容,如果未能解决你的问题,请参考以下文章
curl:未知错误(0x80092012)-吊销功能无法检查证书的吊销
curl: (35) SSL connect error的解决方法
FB SDK 和 cURL:连接到 graph.facebook.com:443 的未知 SSL 协议错误