%20%EC%98%A4%EB%A5%98%3A%2014077438%3A%20SSL%20%EB%A3%A8%ED%8B%B4%3A%20SSL23_GET_SERVER_HELLO%3A%20tlsv1%20%EA%B2%BD%EA%B3%A0%20%EB%82%B4%EB%B6%80%20%EC%98%A4%EB%A5%98.png)
컬을 사용하고 있어요7.26.0-1+가스프 11Debian Wheezy에서는 URL에 액세스하려고 할 때마다https://www.basebit.com.br, 다음 메시지와 함께 실패합니다.
$ curl https://www.basebit.com.br
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
나는 몇 가지 조사를 한 결과 curl --sslv3그것이 효과가 있다는 것을 알았지만 다음과 같은 결과를 얻었습니다.
$ curl --sslv3 https://www.basebit.com.br
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
추가 정보:
$ curl --version
curl 7.26.0 (i486-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
$ apt-cache show curl | grep Depends
Depends: libc6 (>= 2.7), libcurl3 (= 7.26.0-1+wheezy11), zlib1g (>= 1:1.1.4)
$ dpkg -l | egrep 'curl|openssl|gnutls'
ii curl 7.26.0-1+wheezy11 i386 command line tool for transferring data with URL syntax
ii libcurl3:i386 7.26.0-1+wheezy11 i386 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libcurl3-gnutls:i386 7.26.0-1+wheezy11 i386 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libgnutls26:i386 2.12.20-8+deb7u2 i386 GNU TLS library - runtime library
ii libneon27-gnutls 0.29.6-3 i386 HTTP and WebDAV client library (GnuTLS enabled)
ii openssl 1.0.1e-2+deb7u13 i386 Secure Socket Layer (SSL) binary and related cryptographic tools
ii python-openssl 0.13-2+deb7u1 i386 Python 2 wrapper around the OpenSSL library
$ ldd $(command -v curl)
linux-gate.so.1 => (0xb7727000)
libcurl.so.4 => /usr/lib/i386-linux-gnu/libcurl.so.4 (0xb76a7000)
librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb769e000)
libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb7684000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb751f000)
libidn.so.11 => /usr/lib/i386-linux-gnu/libidn.so.11 (0xb74ec000)
libssh2.so.1 => /usr/lib/i386-linux-gnu/libssh2.so.1 (0xb74c2000)
liblber-2.4.so.2 => /usr/lib/i386-linux-gnu/liblber-2.4.so.2 (0xb74b3000)
libldap_r-2.4.so.2 => /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2 (0xb7460000)
libgssapi_krb5.so.2 => /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2 (0xb7422000)
libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 (0xb73c9000)
libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb720b000)
librtmp.so.0 => /usr/lib/i386-linux-gnu/librtmp.so.0 (0xb71f1000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb71d7000)
/lib/ld-linux.so.2 (0xb7728000)
libgcrypt.so.11 => /lib/i386-linux-gnu/libgcrypt.so.11 (0xb7152000)
libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2 (0xb713e000)
libsasl2.so.2 => /usr/lib/i386-linux-gnu/libsasl2.so.2 (0xb7122000)
libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26 (0xb7059000)
libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb6f86000)
libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3 (0xb6f5c000)
libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb6f57000)
libkrb5support.so.0 => /usr/lib/i386-linux-gnu/libkrb5support.so.0 (0xb6f4e000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb6f4a000)
libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1 (0xb6f44000)
libgpg-error.so.0 => /lib/i386-linux-gnu/libgpg-error.so.0 (0xb6f3f000)
libtasn1.so.3 => /usr/lib/i386-linux-gnu/libtasn1.so.3 (0xb6f2d000)
libp11-kit.so.0 => /usr/lib/i386-linux-gnu/libp11-kit.so.0 (0xb6ef0000)
libffi.so.5 => /usr/lib/i386-linux-gnu/libffi.so.5 (0xb6ee6000)
웹마스터를 설득하려 했으나 실패했습니다.Tomcat의 https 커넥터에서 사용 가능한 암호를 제한합니다..
답변1
다음 컬 옵션을 사용하여 성공했습니다.
curl -vlkL https://www.basebit.com.br --ciphers DHE-RSA-AES256-SHA
어떤 HTTP 응답을 받나요?