当我运行curl时https://www.ethics.state.tx.us/data/search/lobby/TEC_LA_CSV.zip我得到一个
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
我尝试添加-2和-3其他我在网上看到的东西,但似乎没有任何效果。我怎样才能解决这个问题并使用curl下载这个文件。
这是下面curl的输出,
$ curl -vvvk "https://www.ethics.state.tx.us/data/search/lobby/TEC_LA_CSV.zip"
* Trying 204.65.203.80:443...
* TCP_NODELAY set
* Connected to www.ethics.state.tx.us (204.65.203.80) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
当我尝试使用时我也看到了这一点-2,
curl: (4) OpenSSL was built without SSLv2 support
和-3
curl: (4) OpenSSL was built without SSLv3 support
答案1
我不得不使用超级保密的 Debian/Ubuntu--ciphers DEFAULT@SECLEVEL=1
$ curl --ciphers DEFAULT@SECLEVEL=1 -vvvk "https://www.ethics.state.tx.us/data/search/lobby/TEC_LA_CSV.zip"
在我们的例子中,这启用了 TLS1.2,AES128-GCM-SHA256 的协商
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
来自 irc://irc.freenode.net/#curl
01:40 < bagder> EvanCarroll: add "--ciphers DEFAULT@SECLEVEL=1"
01:41 < EvanCarroll> zomfg.
01:41 < EvanCarroll> Where is that documented.
01:41 < EvanCarroll> nice trick.
01:42 < bagder> that's debian (ubuntu?) making things hard for users by upping that seclevel in the openssl conf
01:42 < bagder> and openssl gives a crappy error message there too, not helping either