发表新帖
发表新帖

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: unknown protocol

前端 未结
关注
4 755
北荒
北荒 2020-12-05 15:43

I\'ve followed many posts regarding this issue and non of them helped. I\'m trying to connect using simplest irb commands:

require \'open-uri\'
open (\'https
相关标签:
4条回答
  • 爱一瞬间的悲伤
    2020-12-05 16:10

    I received the same message and it simply turned out I had http.use_ssl = true set on a non SSL connection.

    0 讨论(0)
  • 情书的邮戳
    2020-12-05 16:12

    If you're on Mac and it's an OSX certificate issue (which was the case for me), you can fix it by running:

    rvm osx-ssl-certs update all

    See https://rvm.io/support/fixing-broken-ssl-certificates

    0 讨论(0)
  • 逝去的感伤
    2020-12-05 16:14

    The problem appears to be that your target site, aristo4stu3.bgu.ac.il, is picky about SSL/TLS handshaking. I got two different results with the following OpenSSL command with different versions of OpenSSL:

    openssl s_client -connect aristo4stu3.bgu.ac.il:443

    This does connect with the stock OpenSSL 0.9.8x on OS X 10.7.5. However, it does not connect using OpenSSL 1.0.1e - in that case the server just closes the connection (by sending a Close Notify alert) immediately after receiving the Client Hello.

    I captured packets with Wireshark, and the difference between what these two versions send is that 0.9.8x is sending an SSLv2 Client Hello advertising support through TLS 1.0, while 1.0.1e is sending a TLSv1 Client Hello advertising support through TLS 1.2.

    If I tell 1.0.1e not to use TLS:

    openssl s_client -connect aristo4stu3.bgu.ac.il:443 -no_tls1

    This connects successfully with an SSLv3 Client Hello advertising support through SSL 3.0.

    Incidentally, my local ruby does make a successful connection with open-uri to your site:

    $ irb
>> require 'open-uri'
=> true
>> open('https://aristo4stu3.bgu.ac.il')
=> #<StringIO:0x10271fa90>
>> require 'openssl'
=> false
>> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 0.9.8r 8 Feb 2011"
>>

    So the indicated approaches seem to be:

    1. Upgrade the server to handle more Client Hello variants, or
    2. Install a ruby that uses an older OpenSSL library, or
    3. Change your program to send a different Client Hello.

    It does not appear that the open-uri module has an option to set the SSL/TLS version used to communicate. If you can't modify the server you may need to use a different module or library to establish the connection, or perhaps find a way to patch the openssl module so it uses a different Client Hello.

    0 讨论(0)
  • 陌清茗
    2020-12-05 16:25

    I found a good writeup of the problem & solution here. http://blog.55minutes.com/2012/05/tls-error-with-ruby-client-and-tomcat-server/

    TLDR code snippet that resolves the problem.

    http = Net::HTTP.new(host, port)
http.use_ssl = true
http.ssl_version = :SSLv3
http.start { ... }
    0 讨论(0)
 看不清?
提交回复
热议问题