Ruby:SSL_connect SYSCALL 返回=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError) [英] Ruby: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
问题描述
这个错误的变种已经到处张贴,但似乎没有一个解决方案对我有用.
Variants of this error have been posted all over the place but none of the solutions seem to work for me.
我正在运行 ruby 2.2.2p95(2015-04-13 修订版 50295)[x86_64-linux]
和OpenSSL 1.0.1k 2015 年 1 月 8 日
.
运行以下内容:
require 'net/http'
require 'openssl'
url = 'https://ntpnow.com/'
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.get(uri.path)
转储此跟踪:
/usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
from /usr/local/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect'
from /usr/local/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
from /usr/local/lib/ruby/2.2.0/net/http.rb:852:in `start'
from /usr/local/lib/ruby/2.2.0/net/http.rb:1375:in `request'
from /usr/local/lib/ruby/2.2.0/net/http.rb:1133:in `get'
from bin/ntpnow_test.rb:9:in `<main>'
从浏览器导航到该站点显示证书似乎没问题.Curl 也不会产生任何错误.
Navigating to the site from a browser shows the certificate appears to be fine. Curl also does not produce any errors.
此外,当我尝试使用 Ruby 1.9.3 时,它似乎可以工作.但是,如果我能找到解决方案,我不倾向于降级 Ruby 版本.
Additionally, when I try with Ruby 1.9.3 it seems to work. However, I'm not inclined to downgrade Ruby versions if I can find a solution.
你能告诉我导致这个问题的具体变化是什么吗?
Can you please tell me what exactly changed that is causing this problem?
更新:
下面史蒂芬的回答和解释是正确的.以下是诊断此问题的方法,以供将来参考.
Steffen's answer and explanation below is correct. For future reference, here is how to diagnose this problem.
- 首先确定服务器支持哪些密码.运行命令
nmap --script ssl-enum-ciphers ntpnow.com
.找到列出支持的密码的部分. - 确定您必须作为
http.ciphers
的一部分传递的密码密钥.运行openssl ciphers
.这将输出一个:
分隔的密码列表.找到与第 1 步的结果匹配的那个.
- First determine which ciphers the server supports. Run the command
nmap --script ssl-enum-ciphers ntpnow.com
. Find the section that lists the supported ciphers. - Determine the cipher key you will have to pass as part of
http.ciphers
. Runopenssl ciphers
. This will spit out a:
delimited list of ciphers. Find the one that matches the result from step 1.
推荐答案
这看起来和我在 https 中回答的问题完全一样://stackoverflow.com/a/29611892/3081018.同样的问题:服务器只能做 TLS 1.0 并且只支持 DES-CBC3-SHA 作为密码.在最近的 ruby 版本中,默认情况下不再启用此密码.要连接此密码,请尝试在您的代码中明确指定密码:
This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:
http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']
这篇关于Ruby:SSL_connect SYSCALL 返回=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!