主页 / server / 问题 / 716924
Accepted
pradeepchhetri
Asked: 2015-08-27 03:59:16 +0800 CST

Ruby open-uri 错误:返回的 SSL_connect SYSCALL=5 errno=0 state=SSLv2/v3 读取服务器你好 A

  • 772

当我在 Debian:Squeeze 中使用 ruby​​ 模块时,我注意到一个 ssl 握手错误,open-uri但它在 Debian:Wheezy 和 Debian:Jessie 上运行良好

这是我注意到的:

Debian 挤压

root@0fdf024c8c42:/# cat /etc/issue
Debian GNU/Linux 6.0 \n \l

root@0fdf024c8c42:/# irb
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open("https://www.openssl.org")
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
    from /usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /usr/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /usr/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /usr/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /usr/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /usr/lib/ruby/1.9.1/net/http.rb:744:in `start'
    from /usr/lib/ruby/1.9.1/open-uri.rb:306:in `open_http'
    from /usr/lib/ruby/1.9.1/open-uri.rb:775:in `buffer_open'
    from /usr/lib/ruby/1.9.1/open-uri.rb:203:in `block in open_loop'
    from /usr/lib/ruby/1.9.1/open-uri.rb:201:in `catch'
    from /usr/lib/ruby/1.9.1/open-uri.rb:201:in `open_loop'
    from /usr/lib/ruby/1.9.1/open-uri.rb:146:in `open_uri'
    from /usr/lib/ruby/1.9.1/open-uri.rb:677:in `open'
    from /usr/lib/ruby/1.9.1/open-uri.rb:33:in `open'
    from (irb):2
    from /usr/bin/irb:12:in `<main>'irb(main):003:0>

Debian Wheezy

root@d6d7e1af56d0:/# cat /etc/issue
Debian GNU/Linux 7 \n \l

root@d6d7e1af56d0:/# irb
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open("https://www.openssl.org")
=> #<StringIO:0x000000022aaec0>

Debian 杰西

root@405c251f32df:/# cat /etc/issue
Debian GNU/Linux 8 \n \l

root@405c251f32df:/# irb2.1
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open("https://www.openssl.org")
=> #<StringIO:0x00000001e45b78 @base_uri=#<URI::HTTPS:0x00000001e45ec0 URL:https://www.openssl.org>, @meta={"date"=>"Wed, 26 Aug 2015 11:56:57 GMT", "server"=>"Apache/2.4.7 (Ubuntu)", "strict-transport-security"=>"max-age=31536000; includeSubDomains", "accept-ranges"=>"bytes", "vary"=>"Accept-Encoding", "content-length"=>"2456", "content-type"=>"text/html; charset=UTF-8"}, @metas={"date"=>["Wed, 26 Aug 2015 11:56:57 GMT"], "server"=>["Apache/2.4.7 (Ubuntu)"], "strict-transport-security"=>["max-age=31536000; includeSubDomains"], "accept-ranges"=>["bytes"], "vary"=>["Accept-Encoding"], "content-length"=>["2456"], "content-type"=>["text/html; charset=UTF-8"]}, @status=["200", "OK"]>

我知道这与 ruby​​ 版本无关,因为我尝试更新 ruby​​ 版本但没有帮助。

debian

1 个回答

  1. Best Answer

    Squeeze 机器是否安装了ca-certificates软件包?没有它,就没有可用于验证提供的证书是否有效的受信任的根证书集。

    假设ca-certificates安装正确,您可能会遇到 TLS 协议兼容性问题。Squeeze 相当老了,它的 OpenSSL 版本与现代标准不完全一致。某些站点,例如www.openssl.org您测试过的 TLS 堆栈,可能会以限制与旧 TLS 堆栈的兼容性的方式配置它们的 TLS 堆栈,例如带有挤压的那个。

    在测试系统上,我在尝试时得到了与您相同的结果open("https://www.openssl.org"),但是连接到其他一些站点可以正常工作。 此 ssllabs 报告表明www.openssl.org不支持 TLS 1.0,这是来自 Squeeze 的连接报告为它支持的最高版本。因此,在这种特殊情况下,这就是您遇到的问题——简单的 TLS 版本不兼容。

    • 2

相关问题