本文探讨了使用Wget时遇到的SSL连接问题,并详细记录了解决过程,包括升级OpenSSL版本、配置Wget等步骤。
Wget and SSL Issue
WGET issue:
>wget -nv -O ./2204.xml.gz 'https://xxxxx.com/feed.xml.gz'
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
>openssl s_client -connect xxxxx.com:443 -debug
CONNECTED(00000003)
write to 0x2219f20 [0x22566f0] (249 bytes => 249 (0xF9))
0000 - 16 03 01 00 f4 01 00 00-f0 03 03 30 82 42 6c 52 ...........0.BlR
0010 - 89 2e 4d 14 26 64 6d b0-f2 a3 ac 0f 15 b3 99 7d ..M.&dm........}
0020 - 05 f7 74 76 25 fd 6d 1a-2b 68 14 00 00 84 c0 30 ..tv%.m.+h.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67 .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31 .@.3.2.....E.D.1
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03 ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 ................
00b0 - 00 ff 01 00 00 43 00 0b-00 04 03 00 01 02 00 0a .....C..........
00c0 - 00 0a 00 08 00 19 00 18-00 16 00 17 00 23 00 00 .............#..
00d0 - 00 0d 00 20 00 1e 06 01-06 02 06 03 05 01 05 02 ... ............
00e0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00f0 - 02 02 02 03 00 0f 00 01-01 .........
read from 0x2219f20 [0x225bc50] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e HTTP/1.
140024920639328:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Rebuild Wget with Latest Version
>wget http://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz
Exception:
configure: error: Package requirements (gnutls) were not met:
No package 'gnutls' found
Solution:
>sudo yum install gnutls
>./configure --with-ssl=openssl
>make clean
>./configure --prefix=/usr --with-ssl=openssl
make and make install to have the latest version
>wget -V
GNU Wget 1.19 built on linux-gnu.
-cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl
OpenSSL version
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015
On MAC the Exception is different
OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>wget -V
GNU Wget 1.16 built on darwin14.3.0.
>openssl version
OpenSSL 0.9.8zh 14 Jan 2016
On CentOS the Exception
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>wget -V
GNU Wget 1.19 built on linux-gnu.
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015
Let me first Work on the MAC
upgrade the openssl version to latest
>wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
Unzip and directly make and make install
>openssl version
OpenSSL 1.1.0f 25 May 2017
Still have Exceptions
>openssl s_client -connect xxxx.com:443 -debug
CONNECTED(00000005)
write to 0x7f9f76e00340 [0x7f9f7800fe00] (176 bytes => 176 (0xB0))
0000 - 16 03 01 00 ab 01 00 00-a7 03 03 3b c9 85 56 3c ...........;..V<
0010 - ce 71 b8 ef a6 f9 ec 69-41 9e 96 85 04 72 5a ee .q.....iA....rZ.
0020 - 8f a3 6f 9b f5 a9 81 ba-8f 9a 9d 00 00 38 c0 2c ..o..........8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 6b c0 23-c0 27 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 13 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-00 46 00 0b 00 04 03 00 .5./.....F......
0070 - 01 02 00 0a 00 0a 00 08-00 1d 00 17 00 19 00 18 ................
0080 - 00 23 00 00 00 0d 00 20-00 1e 06 01 06 02 06 03 .#..... ........
0090 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02 ................
00a0 - 03 03 02 01 02 02 02 03-00 16 00 00 00 17 ..............
00b0 - <SPACES/NULS>
read from 0x7f9f76e00340 [0x7f9f78006a03] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f HTTP/
140736693289920:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
It is not fixed on MAC.
Let me try On CentOS
Same issue, it does not fixed anything.
Get some information from my colleagues, maybe the file does not exist on the remote server or maybe the remote server is not well set up.
References:
https://help.directadmin.com/item.php?id=119
http://www.linuxfromscratch.org/blfs/view/svn/basicnet/wget.html
http://blog.techstacks.com/2010/03/3-common-causes-of-unknown-ssl-protocol-errors-with-curl.html
https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert
http://ftp.gnu.org/gnu/wget/
http://mac-dev-env.patrickbougie.com/openssl/
WGET issue:
>wget -nv -O ./2204.xml.gz 'https://xxxxx.com/feed.xml.gz'
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
>openssl s_client -connect xxxxx.com:443 -debug
CONNECTED(00000003)
write to 0x2219f20 [0x22566f0] (249 bytes => 249 (0xF9))
0000 - 16 03 01 00 f4 01 00 00-f0 03 03 30 82 42 6c 52 ...........0.BlR
0010 - 89 2e 4d 14 26 64 6d b0-f2 a3 ac 0f 15 b3 99 7d ..M.&dm........}
0020 - 05 f7 74 76 25 fd 6d 1a-2b 68 14 00 00 84 c0 30 ..tv%.m.+h.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67 .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31 .@.3.2.....E.D.1
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03 ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 ................
00b0 - 00 ff 01 00 00 43 00 0b-00 04 03 00 01 02 00 0a .....C..........
00c0 - 00 0a 00 08 00 19 00 18-00 16 00 17 00 23 00 00 .............#..
00d0 - 00 0d 00 20 00 1e 06 01-06 02 06 03 05 01 05 02 ... ............
00e0 - 05 03 04 01 04 02 04 03-03 01 03 02 03 03 02 01 ................
00f0 - 02 02 02 03 00 0f 00 01-01 .........
read from 0x2219f20 [0x225bc50] (7 bytes => 7 (0x7))
0000 - 48 54 54 50 2f 31 2e HTTP/1.
140024920639328:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Rebuild Wget with Latest Version
>wget http://ftp.gnu.org/gnu/wget/wget-1.19.tar.gz
Exception:
configure: error: Package requirements (gnutls) were not met:
No package 'gnutls' found
Solution:
>sudo yum install gnutls
>./configure --with-ssl=openssl
>make clean
>./configure --prefix=/usr --with-ssl=openssl
make and make install to have the latest version
>wget -V
GNU Wget 1.19 built on linux-gnu.
-cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl
OpenSSL version
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015
On MAC the Exception is different
OpenSSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>wget -V
GNU Wget 1.16 built on darwin14.3.0.
>openssl version
OpenSSL 0.9.8zh 14 Jan 2016
On CentOS the Exception
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>wget -V
GNU Wget 1.19 built on linux-gnu.
>openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015
Let me first Work on the MAC
upgrade the openssl version to latest
>wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
Unzip and directly make and make install
>openssl version
OpenSSL 1.1.0f 25 May 2017
Still have Exceptions
>openssl s_client -connect xxxx.com:443 -debug
CONNECTED(00000005)
write to 0x7f9f76e00340 [0x7f9f7800fe00] (176 bytes => 176 (0xB0))
0000 - 16 03 01 00 ab 01 00 00-a7 03 03 3b c9 85 56 3c ...........;..V<
0010 - ce 71 b8 ef a6 f9 ec 69-41 9e 96 85 04 72 5a ee .q.....iA....rZ.
0020 - 8f a3 6f 9b f5 a9 81 ba-8f 9a 9d 00 00 38 c0 2c ..o..........8.,
0030 - c0 30 00 9f cc a9 cc a8-cc aa c0 2b c0 2f 00 9e .0.........+./..
0040 - c0 24 c0 28 00 6b c0 23-c0 27 00 67 c0 0a c0 14 .$.(.k.#.'.g....
0050 - 00 39 c0 09 c0 13 00 33-00 9d 00 9c 00 3d 00 3c .9.....3.....=.<
0060 - 00 35 00 2f 00 ff 01 00-00 46 00 0b 00 04 03 00 .5./.....F......
0070 - 01 02 00 0a 00 0a 00 08-00 1d 00 17 00 19 00 18 ................
0080 - 00 23 00 00 00 0d 00 20-00 1e 06 01 06 02 06 03 .#..... ........
0090 - 05 01 05 02 05 03 04 01-04 02 04 03 03 01 03 02 ................
00a0 - 03 03 02 01 02 02 02 03-00 16 00 00 00 17 ..............
00b0 - <SPACES/NULS>
read from 0x7f9f76e00340 [0x7f9f78006a03] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f HTTP/
140736693289920:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
It is not fixed on MAC.
Let me try On CentOS
Same issue, it does not fixed anything.
Get some information from my colleagues, maybe the file does not exist on the remote server or maybe the remote server is not well set up.
References:
https://help.directadmin.com/item.php?id=119
http://www.linuxfromscratch.org/blfs/view/svn/basicnet/wget.html
http://blog.techstacks.com/2010/03/3-common-causes-of-unknown-ssl-protocol-errors-with-curl.html
https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert
http://ftp.gnu.org/gnu/wget/
http://mac-dev-env.patrickbougie.com/openssl/
扫一扫
2613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
