问题描述
我确实要求https://bank.gov.ua
my $ua = Mojo::UserAgent->new;
$ua->get("https://bank.gov.ua/NBUStatService/v1/statdirectory/exchange?valcode=EUR&date=$date_Now&json");
并得到错误:
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 146452496
DEBUG: .../IO/Socket/SSL.pm:1638: don't start handshake: IO::Socket::SSL=GLOB(0xc955978)
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:829: using SNI with hostname bank.gov.ua
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:900: local error: SSL connect attempt Failed
DEBUG: .../IO/Socket/SSL.pm:903: fatal SSL error: SSL connect attempt Failed
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 146452496 open=
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 146452496 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 146452496
我可以从此主机向curl请求以提供没有问题的url。
我通过IO :: Socket :: SSL(Mojo :: UserAgent)执行此操作时是否知道什么问题?
解决方法
这个服务器很奇怪:
- 使用服务器
openssl s_client -connect bank.gov.ua:443的第一个请求失败,服务器仅关闭连接即可:“ SSL握手已读取0字节并写入303字节” - Mojo :: UserAgent代码也失败了
- 使用显式TLS 1.2进行请求成功:
openssl s_client -connect bank.gov.ua:443 -tls1_2 - 再次尝试第一个请求也成功
- Mojo :: UserAgent代码现在也成功
我唯一的解释是某些防火墙或负载平衡器,如果看到有效的TLS ClientHello,则会暂时将IP地址白名单-并且认为TLS 1.3无效。