Why does LWP fail to connect with "500 SSL negotiation failed"?

My Perl script sends some information to a remote server.

Here is part of the code:

#!/var/hvmail/libexec/perl

use strict;

use HTTP::Request::Common qw(POST);
use LWP::UserAgent;

use constant HANDLER_URL => "https://www.website.com/handler.php";

$ENV{HTTPS_DEBUG} = 1;

my $ua = LWP::UserAgent->new;

# Some DB stuff, not applicable
my $row; # This is a DB row ($sth->fetchrow_hashref())   

my $req = POST ''.HANDLER_URL, [ %$row ]; 
my $res = $ua->request($req);

$res->is_success is false and $res->status_line is

500 SSL negotiation failed

We are running CentOS 6.4, Perl 5.10.1, OpenSSL 1.0.1e-fips.

Update

Here is the full output:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Error: [ 500 SSL negotiation failed:  ]

Output of the requested commands:

Can't locate Net/SSLeay.pm
Can't locate LWP/Protocol/https.pm

There is no need for ''.HANDLER_URL. It's ugly, and HANDLER_URL is fine.

You don't explain what is in $row or what the POST call needs, but it looks like

my $req = POST ''.HANDLER_URL, [ %$row ]; 
my $res = $ua->request($req);

should be

my $res = $ua->post(HANDLER_URL, $row);

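You seem to be relying on Crypt::SSLeay. You shouldn't. It is outdated and incomplete.

Install the latest LWP::Protocol::https, which will upgrade your LWP and install the preferred SSL/TLS stack consisting of IO::Socket::SSL and Net::SSLeay.

A web search shows there are CentOS6 repositories with RPM packages for LWP::Protocol::https.

The server has disabled SSLv3 support, which means the negotiation fails.

After installing the packages, if you still see the same error, make sure your script is not forcing the use of Crypt::SSLeay. That is, make sure none of the following appear anywhere in the script: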

use Net::HTTPS;
$Net::HTTPS::SSL_SOCKET_CLASS = 'Net::SSL';

local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = 'Net::SSL';

use Net::SSL;

If you are still running into problems, make sure there is no PERL_NET_HTTPS_SSL_SOCKET_CLASS environment variable in the script's runtime environment.

Also, try

$ /var/hvmail/libexec/perl -MNet::SSLeay -le 'print $Net::SSLeay::VERSION'

$ /var/hvmail/libexec/perl -MLWP::Protocol::https -le 'print $LWP::Protocol::https::VERSION'

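and report the output.

I suspect the problem is that the new packages were installed for the system perl, whereas you seem to have a separate perl.

If that is the case, you should install each package separately using /var/hvmail/libexec/perl. For example: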

$ curl -O https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/App-cpanminus-1.7043.tar.gz
$ tar xvf App-cpanminus-1.7043.tar.gz
$ cd App-cpanminus-1.7043
$ /var/hvmail/libexec/perl Makefile.PL
$ make install

Find out where cpanm was installed. I expect /var/hvmail/libexec.

$ /var/hvmail/libexec/cpanm LWP::Protocol::https

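See also Updating all outdated Perl modules, but that may be risky on a production system. Still, installing App::cpanoutdated and seeing how outdated your Perl modules are might be useful.

Now keep in mind that modifying a production installation like this is risky. Make sure you have a way to undo the changes if something goes wrong.

Finally, note that OpenSSL 1.0.1 versions are no longer supported: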

With regards to current and future releases the OpenSSL project has adopted the following policy:

  • Version 1.1.0 will be supported until 2018-08-31.
  • Version 1.0.2 will be supported until 2019-12-31 (LTS).
  • Version 1.0.1 is no longer supported.
  • Version 1.0.0 is no longer supported.
  • Version 0.9.8 is no longer supported.
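
The check the answer above asks for (nothing in the script or its environment forcing Net::SSL, i.e. Crypt::SSLeay) can be scripted. This is an added example, not part of the original answer; the function name find_forced_net_ssl and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: report anything that forces LWP onto Net::SSL (Crypt::SSLeay).
# find_forced_net_ssl is a hypothetical helper name, not part of LWP.

# Usage: find_forced_net_ssl SCRIPT.pl
# Prints findings; returns 0 if nothing forces Net::SSL, 1 otherwise.
find_forced_net_ssl() {
    script=$1
    found=0

    # The answer asks that this variable be absent from the run-time environment.
    if [ -n "${PERL_NET_HTTPS_SSL_SOCKET_CLASS+set}" ]; then
        printf 'env: PERL_NET_HTTPS_SSL_SOCKET_CLASS=%s\n' \
            "$PERL_NET_HTTPS_SSL_SOCKET_CLASS"
        found=1
    fi

    # Pattern 1: "use Net::SSL;" / "require Net::SSL;" (Net::SSLeay is not matched).
    # Pattern 2: either SSL_SOCKET_CLASS setting assigned 'Net::SSL'.
    # The second grep drops comment-only lines; "|| true" keeps an empty
    # result from aborting callers that run under "set -e".
    hits=$(grep -nE \
        -e '^[[:space:]]*(use|require)[[:space:]]+Net::SSL[[:space:]]*;' \
        -e 'SSL_SOCKET_CLASS.*Net::SSL([^e]|$)' \
        "$script" | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    if [ -n "$hits" ]; then
        printf '%s:\n%s\n' "$script" "$hits"
        found=1
    fi
    return "$found"
}

# Constructed sample input: a script that pins the legacy socket class.
sample=$(mktemp)
cat > "$sample" <<'EOF'
use LWP::UserAgent;
use Net::SSLeay;
$Net::HTTPS::SSL_SOCKET_CLASS = 'Net::SSL';
EOF
find_forced_net_ssl "$sample" || echo "=> remove or change the settings listed above"
rm -f "$sample"
```

Run it from the same environment that launches the production script (cron job, init script), since that is where a stray PERL_NET_HTTPS_SSL_SOCKET_CLASS would be inherited from.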