精通
英语
和
开源
,
擅长
开发
与
培训
,
胸怀四海
第一信赖
精通
英语
和
开源
,
擅长
开发
与
培训
,
胸怀四海
第一信赖
在用openssl开发飞机票务平台时,偶尔遇到SSL_ERROR_SYSCALL,感觉就是通信环境问题,看到外网上本文,就把这个感觉落实了,如果遇到调试疑难,多来锐英源软件网站上看看,欢迎收藏。
我正在尝试正确诊断我有权访问的服务器似乎无法通过端口 443 联系 Internet 上的另一台服务器的问题:
~$ curl https://mydomain.co.uk -vvv * Rebuilt URL to: https://mydomain.co.uk/ * Trying 1.2.3.4... * TCP_NODELAY set * Connected to mydomain.co.uk (1.2.3.4) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443 * stopped the pause stream! * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443
我读到这可能是因为不兼容的密码。所以我在不同网络上的不同服务器上尝试了一下,但这次成功建立了连接:
~$ curl https://mydomain.co.uk -vvv * Rebuilt URL to: https://mydomain.co.uk/ * Trying 1.2.3.4... * TCP_NODELAY set * Connected to mydomain.co.uk (1.2.3.4) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / AES128-GCM-SHA256 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=NA; ST=Some Place; L=Some City; O=MyCompany; OU=Technology; CN=*.mydomain.co.uk * start date: Mar 15 00:00:00 2018 GMT * expire date: Nov 13 12:00:00 2019 GMT * subjectAltName: host "mydomain.co.uk" matched cert's "mydomain.co.uk" * issuer: C=US; O=AniCert Inc; OU=www.anicert.com; CN=NioTrust RSA CA 2019 * SSL certificate verify ok. > GET / HTTP/1.1 > Host: mydomain.co.uk > User-Agent: curl/7.58.0 > Accept: */* > < HTTP/1.1 302 Moved Temporarily < Server: nginx < Date: Mon, 25 Feb 2019 17:30:02 GMT < Content-Type: text/html < Content-Length: 154 < Connection: keep-alive < Location: https://www.mydomain.co.uk < * Connection #0 to host mydomain.co.uk left intact
我尝试执行该命令的两个服务器都是相同的,但它们所在的网络不同。我可以访问的两台服务器都运行 Ubuntu 18.04。我无法访问他们都试图连接的远程服务器。我需要能够指出问题是什么/可能是什么。curl 所以这不是密码。还有什么可能导致 TLS 握手像这样挂起?
您应该询问您遇到问题的站点的网络管理员。他们可能有防火墙
此问题已得到解决。这是因为 ip 被列入黑名单。一旦它被移除,连接就成功建立。
可能是巧合,但我今天也遇到了类似的错误。获取连接的服务器进程不知何故卡在了一半。有时它进展顺利,有时它让客户在与您在这里完全相同的时间点无限期等待。必须杀死 -9 这个服务器进程。
我尝试更改 MTU,但这也无济于事
尝试一些其它调用方法:curl -v --ciphers DHE-RSA-AES128-GCM-SHA256 https://example.com , openssl s_client -connect example.com:443 , openssl s_client -connect example.com:443 -mtu 1478 -no_ticket -msg -cipher DHE-RSA-AES128-GCM-SHA256, openssl s_client -connect example.com:443 -mtu 1478 -no_ticket -msg