使用 perl 5.8.8 和 OpenSSL 1.0.1 连接 TLSv1.2 [英] Using perl 5.8.8 with OpenSSL 1.0.1 to connect with TLSv1.2
问题描述
我正在编写连接到支持 TLSv1.2 的服务器的 perl 脚本.目前我无法连接,因为 perl 在 CentOS 5.4 和 OpenSSL 版本 0.9.8e 上运行.我不想升级 perl,因为它可能会破坏脚本,因为已经发生了变化,并且 perl 的最新版本是 5.26,这太最新了.现在,我可以在不同的 Windows 机器上运行脚本,使用 perl 5.24 没有问题.我的问题是,我可以在 CentOS 5.x 上使用 openssl 1.0.1 并重新编译 perl 模块并且仍然能够连接到 TLV1.2 吗?我已经安装了LWP::UserAgent and 500 SSL协商失败中提到的模块除了openssl.我也跟着 https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/ 来安装 openssl 但是当我安装 openssl 版本时,我仍然看到原始版本,即 0.9.9e.
I am working on perl script that connects to server that supports TLSv1.2. At present I am not able to connect because perl is running on CentOS 5.4 with OpenSSL version 0.9.8e. I don't want to upgrade perl because it might break the script since there have been changes and latest version of perl is 5.26 which is way too latest. Now, I can run the script on different Windows box with no problems that is using perl 5.24. my question, can I use openssl 1.0.1 on CentOS 5.x and recompile perl modules and be still able to connect to TLV1.2? I have already installed modules mentioned in LWP::UserAgent and 500 SSL negotiation failed except openssl. I also followed https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-rhel5/ to install openssl but when I do openssl version I still see the original version i.e. 0.9.9e.
在上面的链接中提到使用 CPAN 更新/安装 perl 模块.取而代之的是,我获得了 perl 模块的 rpm 并进行了安装.
In the above link it mentioned to use CPAN to update/install perl modules. Instead of that I got the rpm for perl modules and installed.
服务器上的 LWP 为 5.834.
LWP on server is 5.834.
我知道最好的方法是使用 CentOS 6 或更高版本,但有没有更好的方法来让它工作?
I know ideal way would be to go for CentOS 6 or later but is there a better approach to get this working?
推荐答案
... 使用 CPAN 更新/安装 perl 模块.取而代之的是,我获得了 perl 模块的 rpm 并进行了安装.
... use CPAN to update/install perl modules. Instead of that I got the rpm for perl modules and installed.
我不知道你安装了哪个 rpm.但是您需要一个版本的 Net::SSLeay(或 Crypt::SSLeay - 无论您使用什么)模块,该模块与较新版本的 OpenSSL 相关联.仅安装默认 RPM 无济于事,因为它与旧 OpenSSL 版本相关联.
I have no idea which rpm you've installed. But you need a version of the Net::SSLeay (or Crypt::SSLeay - whatever you've used) module which is linked against the newer version of OpenSSL. Just installing the default RPM will not help since it is linked against the older OpenSSL version.
这意味着您需要手动安装模块,并注意将其链接到较新的 OpenSSL 库.对于 Net::SSLeay,这意味着将正确的 OPENSSL_PREFIX 设置为新版本的 OpenSSL,如 Net::SSLeay 的自述文件.
This means you need to install the module manually and also take care that you link it against the newer OpenSSL library. For Net::SSLeay this means to set the correct OPENSSL_PREFIX to the new version of OpenSSL as documented in the README of Net::SSLeay.
我还建议使用更新版本的 LWP 和 IO::Socket::SSL,因为 TLS 1.2 通常不是您面临的唯一问题.其他问题可能是服务器需要 SNI.而且,我建议不要替换您的系统 Perl 模块,因为这可能会导致其他程序出现问题.而是使用 perlbrew 或类似工具来安装您自己的不同于系统 Perl 的 Perl,并将其与更新的模块一起使用以满足您的特定需求.
I also recommend to use a newer version of LWP and IO::Socket::SSL because TLS 1.2 is usually not the only problem you face. Other problems might be that the server requires SNI. And, I advice against replacing your system Perl modules since this might cause problems with other programs. Instead use perlbrew or similar to install your own Perl different from system Perl and use this with updated modules for your specific needs.
这篇关于使用 perl 5.8.8 和 OpenSSL 1.0.1 连接 TLSv1.2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
