
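SSL handshake failure with TLS 1.3

How to resolve SSL handshake failure with TLS 1.3

curl fails with OpenSSL version 1.1.1d but works fine with OpenSSL/1.0.1t. I am trying to debug the cause but cannot find it.

Please find the traces from the curl logs below.

Failure case (curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d)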

  CApath: /etc/ssl/certs
* TLSv1.3 (OUT),TLS handshake,Client hello (1):
* TLSv1.3 (IN),Server hello (2):
* TLSv1.3 (IN),Encrypted Extensions (8):
* TLSv1.3 (IN),TLS alert,handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Success case. Uninstalled curl and installed curl version curl 7.38.0 (x86_64-pc-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1t

* Connected to kafkaconnect-0.kc.default.svc.cluster.local (10.244.4.107) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3,Client hello (1):
* SSLv3,Server hello (2):
* SSLv3,CERT (11):
* SSLv3,Server key exchange (12):
* SSLv3,Server finished (14):
* SSLv3,Client key exchange (16):
* SSLv3,TLS change cipher,Finished (20):
* SSLv3,Finished (20):
* SSL connection using TLSv1.2 / DHE-DSS-AES256-GCM-SHA384
* Server certificate:
*    subject: CN=*.kc.default.svc.cluster.local.keystore.jks
*    start date: 2021-04-16 17:01:03 GMT
*    expire date: 2023-04-16 17:01:03 GMT
*    issuer: CN=Red-Security-CA
*    SSL certificate verify result: self signed certificate in certificate chain (19),continuing anyway.
> GET /connectors HTTP/1.1
> User-Agent: curl/7.38.0


Observations.
1. With the older version, it was using SSLv3, and with the latest version it is TLSv1.3.
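
An added example, not part of the original post: a small parser for `curl -v` handshake traces that reports the negotiated protocol and cipher, the last handshake message seen, and any alert, so the two runs can be compared field by field. The sample inputs are lines copied from the traces above; the function names are hypothetical.

```python
import re

# Constructed inputs: lines copied from the two curl -v traces on this page.
FAILING = """\
* TLSv1.3 (OUT),TLS handshake,Client hello (1):
* TLSv1.3 (IN),Server hello (2):
* TLSv1.3 (IN),Encrypted Extensions (8):
* TLSv1.3 (IN),TLS alert,handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
"""
WORKING = """\
* SSLv3,Client hello (1):
* SSLv3,Server hello (2):
* SSLv3,CERT (11):
* SSL connection using TLSv1.2 / DHE-DSS-AES256-GCM-SHA384
"""

# Per-message trace line: label, optional direction, description, numeric code.
MSG = re.compile(r"^\* (?:(TLSv[\d.]+|SSLv\d) ?(?:\((IN|OUT)\))?),\s*(.+?) \((\d+)\):$")
# Summary line curl prints once the handshake completes.
USING = re.compile(r"^\* SSL connection using (\S+) / (\S+)$")

def summarize(trace):
    """Return negotiated protocol/cipher, last handshake message and any alert."""
    out = {"protocol": None, "cipher": None, "last_message": None, "alert": None}
    for line in trace.splitlines():
        m = USING.match(line)
        if m:
            # The negotiated version comes from this line, not the per-message label.
            out["protocol"], out["cipher"] = m.groups()
            continue
        m = MSG.match(line)
        if not m:
            continue
        _label, direction, text, _code = m.groups()
        if "alert" in text:
            out["alert"] = (direction, text.split(",")[-1].strip())
        else:
            out["last_message"] = text.split(",")[-1].strip()
    return out

def uses_dsa_auth(cipher):
    """OpenSSL suite names carry the authentication algorithm as a token; DSS means a DSA key.
    TLS 1.3 (RFC 8446) defines no DSA signature schemes, so this is worth checking."""
    return cipher is not None and "DSS" in cipher.split("-")
```

Running `summarize` on both traces shows the failing run stops with an inbound alert right after Encrypted Extensions, while the working run negotiated TLSv1.2 with a DSS-authenticated suite.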
