问题:
|
1 2 |
# curl https://github.com curl: (35) SSL connect error |
分析:
tcpdump 抓包、wireshark分析:
基本是由于ssl版本导致的:
client想使用TLS 1.0 , server说,不行,太低
解决办法:
|
1 |
curl --tlsv1.2 https://github.com |
每次都带上个选项多不方便,使用 .curlrc ; linux上的程序一般都这个套路,在用户目录下写个配置文件:
|
1 2 |
# cat ~/.curlrc --tlsv1.2 |
配置文件格式就是直接写curl的命令行选项,简单粗暴高效。
有些curl -v 就能看到握手的ssl版本号
|
1 2 3 4 5 6 7 8 9 10 11 12 |
$ curl -v https://github.com * Rebuilt URL to: https://github.com/ * Trying 172.16.20.14... * Connected to github.com (172.16.20.14) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: github.com * Server certificate: DigiCert SHA2 Extended Validation Server CA * Server certificate: DigiCert High Assurance EV Root CA > GET / HTTP/1.1 > Host: github.com > User-Agent: curl/7.49.1 > Accept: */* |