CURL - SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

curl -G -v https://www.zhc.com:443/
* Adding handle: conn: 0x1fee30

* Adding handle: send: 0

* Adding handle: recv: 0

* Curl_addHandleToPipeline: length: 1

* - Conn 0 (0x1fee30) send_pipe: 1, recv_pipe: 0

* About to connect() to www.zhc.com port 4443 (#0)

*   Trying 172.7.197.11...

* Connected to www.zhc.com  (172.7.197.11) port 4443 (#0)

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/certs/ca-certificates.crt

  CApath: none

* SSLv3, TLS handshake, Client hello (1):

* SSLv3, TLS alert, Server hello (2):

* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

* Closing connection 0

curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

-G 是get请求，-v是verbose。从上述信息中我们发现服务端不支持SSLV2和SSLV3协议，现在服务器一般都支持了TLS1.0协议。

可以试一下用SSLV3去建立SSL连接：

curl https://www.zhc.com:443 –sslv3
*   Trying 172.7.197.11...

* Connected to www.zhc.com (172.7.197.11) port 4443 (#0)

* Server aborted the SSL handshake

* Closing connection 0

我们发现server端直接关闭了连接。

可以试一下用SSLV2去建立SSL连接：

curl https://www.zhc.com:443 –sslv2
*   Trying 172.7.197.11...

* Connected to www.zhc.com (172.7.197.11) port 4443 (#0)

* Your version of the OS does not support SSLv2

* Closing connection 0

我们发现服务端也直接关闭了连接，说不支持SSLv2.

可以试一下用TLS1.0去建立SSL连接：

curl https://www.zhc.com:443 –tlsv1
*   Trying 172.7.197.11...

* Connected to www.zhc.com (172.7.197.11) port 4443 (#0)

* TLS 1.0 connection using TLS_RSA_WITH_AES_128_CBC_SHA

* Server certificate: www.zhc.com 

* Server certificate:  CA G3

* Server certificate:  Internal Root Certificate Authority

发现成功。

原文:http://blog.csdn.net/hongchangfirst/article/details/78297002

作者:hongchangfirst

hongchangfirst的主页:http://blog.csdn.net/hongchangfirst