web-dev-qa-db-fra.com

Quand j'essaie de curl un site Web, j'obtiens une erreur SSL

J'ai installé Ubuntu 20 sur mon VPS. C'est pourquoi j'essaie de faire:

curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
[1] 438975
root@vps:/var/www/html/tportal# *   Trying 195.29.166.100:443...
* TCP_NODELAY set
* Connected to imenik.tportal.hr (195.29.166.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Mais quand j'essaye comme ça, ça marche un peu

curl -v http://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice
[1] 438977
root@vps:/var/www/html/tportal# *   Trying 195.29.166.100:80...
* TCP_NODELAY set
* Connected to imenik.tportal.hr (195.29.166.100) port 80 (#0)
> GET /show?action=pretraga HTTP/1.1
> Host: imenik.tportal.hr
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 16 Jun 2020 07:44:32 GMT
< Server: Apache/2.2.3 (CentOS)
< Location: https://imenik.tportal.hr/show?action=pretraga
< Content-Length: 336
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://imenik.tportal.hr/show?action=pretraga">here</a>.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at imenik.tportal.hr Port 80</address>
</body></html>
* Closing connection 0

Je ne trouve pas de solution à ce problème SSL

5
Misko Mali

Modifier le openssl.conf fichier:

Sudo nano /etc/ssl/openssl.cnf

Ajouter cette ligne en haut:

openssl_conf = openssl_init

Et ajoutez ces lignes à la fin:

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1

Ça marche pour moi. :)

1
WHY