我正在使用卷曲7.26.0-1+喘息11在 Debian Wheezy 上,每当我尝试访问 URL 时https://www.basebit.com.br,它失败并显示消息:
$ curl https://www.basebit.com.br
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
我做了一些研究,发现curl --sslv3应该可行,但后来我得到:
$ curl --sslv3 https://www.basebit.com.br
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
一些额外信息:
$ curl --version
curl 7.26.0 (i486-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
$ apt-cache show curl | grep Depends
Depends: libc6 (>= 2.7), libcurl3 (= 7.26.0-1+wheezy11), zlib1g (>= 1:1.1.4)
$ dpkg -l | egrep 'curl|openssl|gnutls'
ii curl 7.26.0-1+wheezy11 i386 command line tool for transferring data with URL syntax
ii libcurl3:i386 7.26.0-1+wheezy11 i386 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libcurl3-gnutls:i386 7.26.0-1+wheezy11 i386 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libgnutls26:i386 2.12.20-8+deb7u2 i386 GNU TLS library - runtime library
ii libneon27-gnutls 0.29.6-3 i386 HTTP and WebDAV client library (GnuTLS enabled)
ii openssl 1.0.1e-2+deb7u13 i386 Secure Socket Layer (SSL) binary and related cryptographic tools
ii python-openssl 0.13-2+deb7u1 i386 Python 2 wrapper around the OpenSSL library
$ ldd $(command -v curl)
linux-gate.so.1 => (0xb7727000)
libcurl.so.4 => /usr/lib/i386-linux-gnu/libcurl.so.4 (0xb76a7000)
librt.so.1 => /lib/i386-linux-gnu/i686/cmov/librt.so.1 (0xb769e000)
libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb7684000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb751f000)
libidn.so.11 => /usr/lib/i386-linux-gnu/libidn.so.11 (0xb74ec000)
libssh2.so.1 => /usr/lib/i386-linux-gnu/libssh2.so.1 (0xb74c2000)
liblber-2.4.so.2 => /usr/lib/i386-linux-gnu/liblber-2.4.so.2 (0xb74b3000)
libldap_r-2.4.so.2 => /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2 (0xb7460000)
libgssapi_krb5.so.2 => /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2 (0xb7422000)
libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 (0xb73c9000)
libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb720b000)
librtmp.so.0 => /usr/lib/i386-linux-gnu/librtmp.so.0 (0xb71f1000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb71d7000)
/lib/ld-linux.so.2 (0xb7728000)
libgcrypt.so.11 => /lib/i386-linux-gnu/libgcrypt.so.11 (0xb7152000)
libresolv.so.2 => /lib/i386-linux-gnu/i686/cmov/libresolv.so.2 (0xb713e000)
libsasl2.so.2 => /usr/lib/i386-linux-gnu/libsasl2.so.2 (0xb7122000)
libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26 (0xb7059000)
libkrb5.so.3 => /usr/lib/i386-linux-gnu/libkrb5.so.3 (0xb6f86000)
libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3 (0xb6f5c000)
libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xb6f57000)
libkrb5support.so.0 => /usr/lib/i386-linux-gnu/libkrb5support.so.0 (0xb6f4e000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb6f4a000)
libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1 (0xb6f44000)
libgpg-error.so.0 => /lib/i386-linux-gnu/libgpg-error.so.0 (0xb6f3f000)
libtasn1.so.3 => /usr/lib/i386-linux-gnu/libtasn1.so.3 (0xb6f2d000)
libp11-kit.so.0 => /usr/lib/i386-linux-gnu/libp11-kit.so.0 (0xb6ef0000)
libffi.so.5 => /usr/lib/i386-linux-gnu/libffi.so.5 (0xb6ee6000)
我没有成功地试图说服网站管理员限制 Tomcat 的 https 连接器中的可用密码。
答案1
我使用下面的curl选项成功了:
curl -vlkL https://www.basebit.com.br --ciphers DHE-RSA-AES256-SHA
您得到什么 HTTP 响应?