Ruby:SSL_connect SYSCALL 返回=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError) [英] Ruby: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)

问题描述

这个错误的变种已经到处张贴，但似乎没有一个解决方案对我有用.

Variants of this error have been posted all over the place but none of the solutions seem to work for me.

我正在运行 ruby 2.2.2p95(2015-04-13 修订版 50295)[x86_64-linux] 和OpenSSL 1.0.1k 2015 年 1 月 8 日.

运行以下内容:

require 'net/http'
require 'openssl'

url = 'https://ntpnow.com/'
uri   = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.get(uri.path)

转储此跟踪:

/usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /usr/local/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1375:in `request'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1133:in `get'
    from bin/ntpnow_test.rb:9:in `<main>'

从浏览器导航到该站点显示证书似乎没问题.Curl 也不会产生任何错误.

Navigating to the site from a browser shows the certificate appears to be fine. Curl also does not produce any errors.

此外，当我尝试使用 Ruby 1.9.3 时，它似乎可以工作.但是，如果我能找到解决方案，我不倾向于降级 Ruby 版本.

Additionally, when I try with Ruby 1.9.3 it seems to work. However, I'm not inclined to downgrade Ruby versions if I can find a solution.

你能告诉我导致这个问题的具体变化是什么吗?

Can you please tell me what exactly changed that is causing this problem?

更新:

下面史蒂芬的回答和解释是正确的.以下是诊断此问题的方法，以供将来参考.

Steffen's answer and explanation below is correct. For future reference, here is how to diagnose this problem.

1. 首先确定服务器支持哪些密码.运行命令 nmap --script ssl-enum-ciphers ntpnow.com.找到列出支持的密码的部分.
2. 确定您必须作为 http.ciphers 的一部分传递的密码密钥.运行 openssl ciphers.这将输出一个 : 分隔的密码列表.找到与第 1 步的结果匹配的那个.

1. First determine which ciphers the server supports. Run the command nmap --script ssl-enum-ciphers ntpnow.com. Find the section that lists the supported ciphers.
2. Determine the cipher key you will have to pass as part of http.ciphers. Run openssl ciphers. This will spit out a : delimited list of ciphers. Find the one that matches the result from step 1.

推荐答案

这看起来和我在 https 中回答的问题完全一样://stackoverflow.com/a/29611892/3081018.同样的问题:服务器只能做 TLS 1.0 并且只支持 DES-CBC3-SHA 作为密码.在最近的 ruby​​ 版本中，默认情况下不再启用此密码.要连接此密码，请尝试在您的代码中明确指定密码:

This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:

http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']

这篇关于Ruby:SSL_connect SYSCALL 返回=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！