SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number (OpenSSL::SSL::SSLError)

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/26644867/

Time: 2020-09-06 06:37:13  Source: igfitidea

ruby ssl

Asked by newBike

When I ran https.ssl_version = :TLSv1_2

I got the error

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: 
wrong version number (OpenSSL::SSL::SSLError)

When I changed to https.ssl_version = :SSLv3

ruby/2.1.0/net/http.rb:920:in `connect': 
SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A 
(OpenSSL::SSL::SSLError)

But I can do it without any error by rest client

resp = RestClient.post(server_url, content, header)

The SSL connection confuses me so much.

The problem occurs on both macOS and Ubuntu 14.04.

UPDATE

Check my SSL parameters

Under default Ruby by irb

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0>  OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
=> {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}

Under Rails

{
    :ssl_version => "SSLv23",
    :verify_mode => 1,
        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
        :options => -2147482625
}
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

Brute force to try all kinds of SSL versions within Rails

I changed the method by `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=method`

:TLSv1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_2_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:TLSv1_1_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv3_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_server
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>
:SSLv23_client
#<OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A>

Answered by spickermann

If you set the ssl_version to TLSv1_2 and the server does not support that version then you will see this error (same for SSLv3).

My guess is that RestClient probably just uses Ruby's default SSLv23. If that version is supported by the server it might just work.

Check the default for your Ruby version like this:

require 'openssl'
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
# => {
# =>     :ssl_version => "SSLv23",
# =>     :verify_mode => 1,
# =>     :ciphers     => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
# =>     :options     => -2147482625
# => }

If https.ssl_version = :TLSv1_2 does not work then I would try other versions.

You can get a list of all available versions in your Ruby with:

OpenSSL::SSL::SSLContext::METHODS

I would start with:

https.ssl_version = 'SSLv23'

Or you may want to ask the owner of the server which versions are supported.

Answered by Steffen Ullrich

 When I ran https.ssl_version = :TLSv1_2
 ...
 https.ssl_version = :SSLv3

Any peer supporting only TLS1.0 or TLS1.1 will not work with both of these tests, because the offered version is either too high or too low. It is better to leave the default to SSLv23 handshake but explicitly disable SSLv3.

To do this you need to fiddle with the options and add SSL_OP_NO_SSLv3, see https://stackoverflow.com/a/24237525/3081018
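
The approach from this answer, as an added example that is not code from the original answers: leave the version unpinned so the handshake negotiates, switch off SSLv3 through the context options, and read back which version the server actually agreed to. The helper names `negotiating_context`, `negotiated_version` and `negotiating_http` are hypothetical; `min_version=` is only used when the installed Ruby/openssl provides it.

```ruby
require 'openssl'
require 'socket'
require 'net/http'

# Context that lets the handshake negotiate the highest version both sides
# support (the old "SSLv23" behaviour) but never accepts SSLv3.
def negotiating_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER) # library defaults + cert check
  ctx.options |= OpenSSL::SSL::OP_NO_SSLv3
  # Newer openssl gems expose an explicit floor; older ones rely on the option above.
  ctx.min_version = OpenSSL::SSL::TLS1_VERSION if ctx.respond_to?(:min_version=)
  ctx
end

# Handshake with host:port (your own server; needs network access) and return
# the protocol version that was agreed on, e.g. "TLSv1.2".
def negotiated_version(host, port = 443)
  tcp = TCPSocket.new(host, port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, negotiating_context)
  ssl.hostname = host if ssl.respond_to?(:hostname=) # send SNI
  ssl.sync_close = true                              # closing ssl also closes tcp
  ssl.connect
  ssl.post_connection_check(host)                    # certificate must match host
  ssl.ssl_version
ensure
  ssl ? ssl.close : (tcp && tcp.close)
end

# Net::HTTP client that does not pin ssl_version, so it negotiates as well.
def negotiating_http(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.min_version = OpenSSL::SSL::TLS1_VERSION if http.respond_to?(:min_version=)
  http
end
```

Calling `negotiated_version` against the server from the question shows which version to expect before any client code is changed; a server that only speaks TLS 1.0 or 1.1 will report that here instead of failing as it does with a pinned `:TLSv1_2` or `:SSLv3`.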
