Когда я пытаюсь CURL веб-сайт, я получаю ошибку SSL
Я установил Ubuntu 20 на свой VPS. Вот почему я пытаюсь сделать:
curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
[1] 438975
root@vps:/var/www/html/tportal# * Trying 195.29.166.100:443...
* TCP_NODELAY set
* Connected to imenik.tportal.hr (195.29.166.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Но когда я пытаюсь так, это вроде работает
curl -v http://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
[1] 438977
root@vps:/var/www/html/tportal# * Trying 195.29.166.100:80...
* TCP_NODELAY set
* Connected to imenik.tportal.hr (195.29.166.100) port 80 (#0)
> GET /show?action=pretraga HTTP/1.1
> Host: imenik.tportal.hr
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 16 Jun 2020 07:44:32 GMT
< Server: Apache/2.2.3 (CentOS)
< Location: https://imenik.tportal.hr/show?action=pretraga
< Content-Length: 336
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://imenik.tportal.hr/show?action=pretraga">here</a>.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at imenik.tportal.hr Port 80</address>
</body></html>
* Closing connection 0
Я не могу найти решение этой проблемы SSL
2 ответа
The Website uses the old TLS protocol version 1.0, which has been disabled by default since Ubuntu 20.04.
To temporarily override the default for your curl command, you can create a config file somewhere (e.g. ~/.openssl_allow_tls1.0.cnf with following content:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
Then run your command like this:
OPENSSL_CONF=~/.openssl_allow_tls1.0.cnf curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
(this will only set OPENSSL_CONF for that single command)
or
export OPENSSL_CONF=~/.openssl_allow_tls1.0.cnf
curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
(this will only set OPENSSL_CONF for the current session or script)
You could also set it globally in /etc/ssl/openssl.cnf, but it has been disabled for good reasons and I would only override that when necessary.
(via)
Отредактируйте файл openssl.conf:
sudo nano /etc/ssl/openssl.cnf
Добавьте эту строку вверху:
openssl_conf = openssl_init
И добавьте эти строки в конце:
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
Это работает для меня. :)