本文介绍了Ruby:SSL_connect SYSCALL返回= 5 errno = 0状态=未知状态(OpenSSL :: SSL :: SSLError)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

此错误的各种信息已在各地发布,但没有一种解决方案适合我.

Variants of this error have been posted all over the place but none of the solutions seem to work for me.

我正在运行ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]并且OpenSSL 1.0.1k 8 Jan 2015.

运行以下内容:

require 'net/http'
require 'openssl'

url = 'https://ntpnow.com/'
uri   = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.get(uri.path)

转储此跟踪:

/usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /usr/local/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1375:in `request'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1133:in `get'
    from bin/ntpnow_test.rb:9:in `<main>'

从浏览器导航到该站点显示证书似乎很好. Curl也不会产生任何错误.

Navigating to the site from a browser shows the certificate appears to be fine. Curl also does not produce any errors.

此外,当我尝试使用Ruby 1.9.3时,它似乎可以工作.但是,如果可以找到解决方案,我不愿意降级Ruby版本.

Additionally, when I try with Ruby 1.9.3 it seems to work. However, I'm not inclined to downgrade Ruby versions if I can find a solution.

您能告诉我到底是什么引起了这个问题吗?

Can you please tell me what exactly changed that is causing this problem?

更新:

下面是斯蒂芬的答案和解释是正确的.供以后参考,下面是如何诊断此问题.

Steffen's answer and explanation below is correct. For future reference, here is how to diagnose this problem.

  1. 首先确定服务器支持的密码.运行命令nmap --script ssl-enum-ciphers ntpnow.com.找到列出受支持密码的部分.
  2. 确定您必须作为http.ciphers的一部分传递的密码密钥.运行openssl ciphers.这将吐出一个:分隔的密码列表.找到与步骤1的结果相匹配的结果.
  1. First determine which ciphers the server supports. Run the command nmap --script ssl-enum-ciphers ntpnow.com. Find the section that lists the supported ciphers.
  2. Determine the cipher key you will have to pass as part of http.ciphers. Run openssl ciphers. This will spit out a : delimited list of ciphers. Find the one that matches the result from step 1.

推荐答案

这似乎与我在 https中回答的问题完全相同://stackoverflow.com/a/29611892/3081018 .同样的问题:服务器只能执行TLS 1.0,并且仅支持DES-CBC3-SHA作为密码.在最近的ruby版本中,默认情况下不再启用此密码.要使用此密码,请尝试在您的代码中明确指定密码:

This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:

http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']

这篇关于Ruby:SSL_connect SYSCALL返回= 5 errno = 0状态=未知状态(OpenSSL :: SSL :: SSLError)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 12:58