CURL - 间歇性错误35 - 连接中未知的SSL协议错误 [英] CURL - Intermittent Error 35 - Unknown SSL protocol error in connection
问题描述
我有一个运行Rundeck的服务器来处理大量的各种集成任务。
计划任务每个都对我们的内部网系统上的给定URL进行curl请求 - 基本上Rundeck只运行一个临时bash脚本。
I have a server running Rundeck to handle a large amount of various integration tasks. The scheduled tasks each make a curl request to a given URL on our intranet system - essentially Rundeck just runs a temporary bash script.
大约99%时间,这工作正常 - 但我们看到curl失败间歇性与错误35:未知的SSL协议错误连接。
About 99% of the time, this works fine - but we're seeing curl fail intermittently with Error 35: Unknown SSL protocol error in connection.
我试图明确指定ssl协议,已知良好的协议,但我们仍然遇到这个问题。
I've tried specifying the ssl protocol explicitly, with a known-good protocol, but we're still experiencing the issue.
我们有大量的请求出去 - 我不知道有什么关系。有一个机会,我们可以有〜3个curl进程在任何给定的时间运行。
We have a pretty high volume of requests going out - I'm not sure if that could have something to do with it. There is a chance we could have ~3 curl processes running at any given time.
任何建议都会感激。
curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
推荐答案
我自己想出来了。
观察服务器端的SSL连接通信。在失败的痕迹中我唯一可以看到的异常是我们的Diffe-Hellman公共密钥是127字节,通常它是128.
看起来IIS不知道如何处理这个,并终止通信。
I ended up using wireshark to watch the communication on the server side of the SSL connection. The only anomaly I could see in the trace of the failures was that our Diffe-Hellman Public Key was 127 bytes, when typically it would be 128.
It looks like IIS didn't know how to handle this, and terminated the communication.
我不是100%清楚什么是问题的根本原因,但强制非DH Ssl加密完全停止错误
I'm not 100% clear on what the root cause of the issue was, but forcing a non-DH ssl cipher completely stopped the error messages.
查看本文在Security.StackExchange中了解更多信息
这篇关于CURL - 间歇性错误35 - 连接中未知的SSL协议错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
