TLS阻塞最终SSL_ERROR_SYSCALL错误失败

我正在尝试正确诊断一个问题，即我可以访问的服务器似乎无法通过端口 443 联系 Internet 上的另一台服务器：

~$ curl https://mydomain.co.uk -vvv
* Rebuilt URL to: https://mydomain.co.uk/
*   Trying 1.2.3.4...
* TCP_NODELAY set
* Connected to mydomain.co.uk (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443 
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443

我读到这可能是因为密码不兼容。所以我在不同网络的不同服务器上尝试了一下，但这次连接成功了：

~$ curl https://mydomain.co.uk -vvv
* Rebuilt URL to: https://mydomain.co.uk/
*   Trying 1.2.3.4...
* TCP_NODELAY set
* Connected to mydomain.co.uk (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=NA; ST=Some Place; L=Some City; O=MyCompany; OU=Technology; CN=*.mydomain.co.uk
*  start date: Mar 15 00:00:00 2018 GMT
*  expire date: Nov 13 12:00:00 2019 GMT
*  subjectAltName: host "mydomain.co.uk" matched cert's "mydomain.co.uk"
*  issuer: C=US; O=AniCert Inc; OU=www.anicert.com; CN=NioTrust RSA CA 2019
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: mydomain.co.uk
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Server: nginx
< Date: Mon, 25 Feb 2019 17:30:02 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: keep-alive
< Location: https://www.mydomain.co.uk
< 
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host mydomain.co.uk left intact

我尝试该命令的两个服务器都是相同的，它们所在的网络不同。我可以访问的两台服务器正在运行 Ubuntu 18.04。我无法访问他们都尝试连接到的远程服务器。我需要能够指出问题是什么/可能是什么。curl

所以这不是密码。还有什么原因会导致TLS握手像这样挂起？

 

 

连接到站点时出现问题的服务器位于我无法控制的网络中。另一台可以工作的服务器就在家里。我尝试连接的网站是一家知名的运输公司......不确定我能说的远不止于此

 

您应该询问您遇到问题的站点的网络管理员。他们可能有防火墙

 

此问题已得到解决。这是因为该IP被列入黑名单。一旦它被取下，连接就成功建立了

 

可能是巧合，但我今天也遇到了类似的错误。接通连接的服务器进程不知何故卡住了一半。有时它恢复正常，有时它让客户在你在这里的完全相同的时间点无限期地等待。不得不杀死-9这个服务器进程。

 

尝试一些变化 curl -v --ciphers DHE-RSA-AES128-GCM-SHA256 https://example.com ， openssl s_client -connect example.com:443 ， openssl s_client -connect example.com:443 -mtu 1478 -no_ticket -msg -cipher DHE-RSA-AES128-GCM-SHA256， openssl s_client -connect example.com:443 -mtu 1478 -no_ticket -msg