Ssl
Https 連接,TLS 掛起,最終失敗 SSL_ERROR_SYSCALL
我正在嘗試正確診斷我有權訪問的伺服器似乎無法通過埠 443 聯繫 Internet 上的另一台伺服器的問題:
~$ curl https://mydomain.co.uk -vvv * Rebuilt URL to: https://mydomain.co.uk/ * Trying 1.2.3.4... * TCP_NODELAY set * Connected to mydomain.co.uk (1.2.3.4) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443 * stopped the pause stream! * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mydomain.co.uk:443我讀過這可能是因為密碼不兼容。所以我在不同網路上的不同伺服器上嘗試了它,但這次連接成功:
~$ curl https://mydomain.co.uk -vvv * Rebuilt URL to: https://mydomain.co.uk/ * Trying 1.2.3.4... * TCP_NODELAY set * Connected to mydomain.co.uk (1.2.3.4) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / AES128-GCM-SHA256 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=NA; ST=Some Place; L=Some City; O=MyCompany; OU=Technology; CN=*.mydomain.co.uk * start date: Mar 15 00:00:00 2018 GMT * expire date: Nov 13 12:00:00 2019 GMT * subjectAltName: host "mydomain.co.uk" matched cert's "mydomain.co.uk" * issuer: C=US; O=AniCert Inc; OU=www.anicert.com; CN=NioTrust RSA CA 2019 * SSL certificate verify ok. > GET / HTTP/1.1 > Host: mydomain.co.uk > User-Agent: curl/7.58.0 > Accept: */* > < HTTP/1.1 302 Moved Temporarily < Server: nginx < Date: Mon, 25 Feb 2019 17:30:02 GMT < Content-Type: text/html < Content-Length: 154 < Connection: keep-alive < Location: https://www.mydomain.co.uk < <html> <head><title>302 Found</title></head> <body bgcolor="white"> <center><h1>302 Found</h1></center> <hr><center>nginx</center> </body> </html> * Connection #0 to host mydomain.co.uk left intact我嘗試
curl命令的兩台伺服器都是相同的,它們所在的網路不同。我可以訪問的兩台伺服器正在執行 Ubuntu 18.04。我無權訪問他們都試圖連接的遠端伺服器。我需要能夠指出問題是/可能是什麼。所以這不是密碼。還有什麼可能導致 TLS 握手像這樣掛起?
乾杯,安庫爾
這已解決。這是由於ip被列入黑名單。一旦它被取下,連接就成功建立了。
可能是巧合,但我今天遇到了類似的錯誤。獲取連接的伺服器程序不知何故陷入了困境。有時它可以正常執行,有時它讓客戶在與您在這裡完全相同的時間點無限期地等待。不得不殺死 -9 這個伺服器程序。