Ruby:SSL_connect SYSCALL返回= 5 errno = 0状态=未知状态(OpenSSL :: SSL :: SSLError)

本文介绍了Ruby:SSL_connect SYSCALL返回= 5 errno = 0状态=未知状态(OpenSSL :: SSL :: SSLError)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

此错误的各种信息已在各地发布，但没有一种解决方案适合我.

Variants of this error have been posted all over the place but none of the solutions seem to work for me.

我正在运行ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-linux]并且OpenSSL 1.0.1k 8 Jan 2015.

运行以下内容:

require 'net/http'
require 'openssl'

url = 'https://ntpnow.com/'
uri   = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.ssl_version = :TLSv1
http.get(uri.path)

转储此跟踪:

/usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /usr/local/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1375:in `request'
    from /usr/local/lib/ruby/2.2.0/net/http.rb:1133:in `get'
    from bin/ntpnow_test.rb:9:in `<main>'

从浏览器导航到该站点显示证书似乎很好. Curl也不会产生任何错误.

Navigating to the site from a browser shows the certificate appears to be fine. Curl also does not produce any errors.

此外，当我尝试使用Ruby 1.9.3时，它似乎可以工作.但是，如果可以找到解决方案，我不愿意降级Ruby版本.

Additionally, when I try with Ruby 1.9.3 it seems to work. However, I'm not inclined to downgrade Ruby versions if I can find a solution.

您能告诉我到底是什么引起了这个问题吗?

Can you please tell me what exactly changed that is causing this problem?

更新:

下面是斯蒂芬的答案和解释是正确的.供以后参考，下面是如何诊断此问题.

Steffen's answer and explanation below is correct. For future reference, here is how to diagnose this problem.

首先确定服务器支持的密码.运行命令nmap --script ssl-enum-ciphers ntpnow.com.找到列出受支持密码的部分.
确定您必须作为http.ciphers的一部分传递的密码密钥.运行openssl ciphers.这将吐出一个:分隔的密码列表.找到与步骤1的结果相匹配的结果.

First determine which ciphers the server supports. Run the command nmap --script ssl-enum-ciphers ntpnow.com. Find the section that lists the supported ciphers.
Determine the cipher key you will have to pass as part of http.ciphers. Run openssl ciphers. This will spit out a : delimited list of ciphers. Find the one that matches the result from step 1.

推荐答案

这似乎与我在 https中回答的问题完全相同://stackoverflow.com/a/29611892/3081018 .同样的问题:服务器只能执行TLS 1.0，并且仅支持DES-CBC3-SHA作为密码.在最近的ruby版本中，默认情况下不再启用此密码.要使用此密码，请尝试在您的代码中明确指定密码:

This looks like exactly the same problem I've answered in https://stackoverflow.com/a/29611892/3081018. Same problem: the server can only do TLS 1.0 and only supports DES-CBC3-SHA as cipher. This cipher is no longer enabled by default in recent ruby versions. To connect with this cipher try to specify the cipher explicitly in your code:

http.ssl_version = :TLSv1
http.ciphers = ['DES-CBC3-SHA']

这篇关于Ruby:SSL_connect SYSCALL返回= 5 errno = 0状态=未知状态(OpenSSL :: SSL :: SSLError)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！