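CentOS 5.11 OpenSSL TLS 1.2 for Alipay

I run a website on a server running CentOS 5.11 – EOL now, I know, but upgrading is not possible for a while. The site runs Sellerdeck software, which is integrated with PayPal for payments.

In the next month or so, PayPal will require me to use TLS 1.2 [1] to connect to them, which is not supported by the default OpenSSL version installed in 5.11 (0.9.8b).

I followed the instructions [2] to install a second version of OpenSSL and a second version of curl linked to the new version of OpenSSL, which will support TLS 1.2, but it still doesn't pass the PayPal test.

CentOS 5.11 with OpenSSL 1.0.2k in /usr/local/

    /usr/local/bin/curl https://tlstest.paypal.com
    curl: (35) Unknown SSL protocol error in connection to tlstest.paypal.com:443

CentOS 6.9 with OpenSSL 1.0.1e-fips

    curl https://tlstest.paypal.com
    PayPal_Connection_OK

Can anyone help point me in the right direction as to why the connection isn't working with the newer OpenSSL?

Many thanks

Kevin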

1 – https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=zh_CN

2 – https://miteshshah.github.io/linux/centos/how-to-enable-openssl-1-0-2-a-tlsv1-1-and-tlsv1-2-on-centos-5-and-RHEL5/

Verbose non-working output:

    /usr/local/bin/curl -Ivvv https://tlstest.paypal.com
    * Rebuilt URL to: https://tlstest.paypal.com/
    * Trying 23.67.159.210...
    * Connected to tlstest.paypal.com (23.67.159.210) port 443 (#0)
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.0, TLS handshake, Client hello (1):
    * Unknown SSL protocol error in connection to tlstest.paypal.com:443
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to tlstest.paypal.com:443

Verbose working output:

    curl -Ivvv https://tlstest.paypal.com
    * About to connect() to tlstest.paypal.com port 443 (#0)
    * Trying 23.214.50.150... connected
    * Connected to tlstest.paypal.com (23.214.50.150) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    * subject: CN=tlstest.paypal.com,OU=CDN Support,O="PayPal, Inc.",STREET=2211 N 1st St,L=San Jose,ST=California,postalCode=95131-2021,C=US,serialNumber=3014267,businessCategory=Private Organization,incorporationState=Delaware,incorporationCountry=US
    * start date: Nov 06 00:00:00 2015 GMT
    * expire date: Oct 26 23:59:59 2017 GMT
    * common name: tlstest.paypal.com
    * issuer: CN=Symantec Class 3 EV SSL CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: tlstest.paypal.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Content-Type: text/html
    Content-Type: text/html
    < Content-Length: 20
    Content-Length: 20
    < Date: Sat, 06 May 2017 12:58:47 GMT
    Date: Sat, 06 May 2017 12:58:47 GMT
    < Connection: keep-alive
    Connection: keep-alive
    <
    * Connection #0 to host tlstest.paypal.com left intact
    * Closing connection #0

Ha, thanks Hakan, that simple.

ldd /usr/local/bin/curl showed that the new curl was not linked against the new OpenSSL (I ran out of scroll buffer to copy it here).

I re-ran configure, make and make install for curl:

    ldd /usr/local/bin/curl
    linux-gate.so.1 => (0xb77be000)
    libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0xb7764000)
    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0xb76fe000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0xb7560000)
    libz.so.1 => /lib/libz.so.1 (0xb754d000)
    librt.so.1 => /lib/librt.so.1 (0xb7543000)
    libc.so.6 => /lib/libc.so.6 (0xb73e7000)
    libidn.so.11 => /usr/lib/libidn.so.11 (0xb73b6000)
    libdl.so.2 => /lib/libdl.so.2 (0xb73b1000)
    libpthread.so.0 => /lib/libpthread.so.0 (0xb7397000)
    /lib/ld-linux.so.2 (0xb77bf000)

Now it works:

    /usr/local/bin/curl https://tlstest.paypal.com
    PayPal_Connection_OK

Thanks!
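
As an added example (not part of the original post), the shell function below automates the check that resolved this thread: it reads `ldd` output and confirms that both libssl and libcrypto resolve under the new OpenSSL prefix. The name `ssl_linkage` is hypothetical and the stale sample is constructed; the good sample is trimmed from the `ldd` output in the post.

```sh
#!/bin/sh
# ssl_linkage LDD_OUTPUT PREFIX  (hypothetical helper, not from the post)
# Reports where libssl/libcrypto resolve; returns 0 only if both are
# present and both resolve to a path under PREFIX.
ssl_linkage() {
    printf '%s\n' "$1" | awk -v prefix="${2%/}/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen[(($1 ~ /^libssl/) ? "ssl" : "crypto")] = 1
            # ldd line: name => /path (addr); "not found" has no path
            path = ($2 == "=>" && $3 ~ /^\//) ? $3 : "unresolved"
            if (index(path, prefix) == 1) {
                printf "ok    %s -> %s\n", $1, path
            } else {
                printf "WRONG %s -> %s\n", $1, path
                bad = 1
            }
        }
        END {
            if (!("ssl" in seen))    { print "WRONG libssl missing"; bad = 1 }
            if (!("crypto" in seen)) { print "WRONG libcrypto missing"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Taken from the ldd output in the post (trimmed to the relevant lines).
GOOD_LDD='libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0xb7764000)
libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0xb76fe000)
libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0xb7560000)
libz.so.1 => /lib/libz.so.1 (0xb754d000)'

# Constructed sample: a curl that still picks up the system OpenSSL.
STALE_LDD='libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00000000)
libssl.so.6 => /lib/libssl.so.6 (0x00000000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x00000000)'

for sample in "$GOOD_LDD" "$STALE_LDD"; do
    if ssl_linkage "$sample" /usr/local/ssl/lib; then
        echo "=> linked against the OpenSSL under /usr/local/ssl/lib"
    else
        echo "=> not using the new OpenSSL; re-run configure and rebuild"
    fi
done
# Against a live binary:
#   ssl_linkage "$(ldd /usr/local/bin/curl)" /usr/local/ssl/lib
```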