Периодически (бывает, что все работает) не открываются некоторые https сайты. Сертификат и echo запросы нормально проходят. Есть подозрение, что по ходу маршрута портятся хедеры. Что можно сделать? Провайдер ростелеком. С другого провайдера все норм. Обычно я на это дело забивал, но сегодня из-за этого встала работа.
Пример.
curl -vL crbug.com [35 ]
* Rebuilt URL to: crbug.com/
* Trying 74.125.248.71...
* Connected to crbug.com (74.125.248.71) port 80 (#0)
> GET / HTTP/1.1
> Host: crbug.com
> User-Agent: curl/7.50.1
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Location: https://crbug.com/
< Connection: close
< Cache-Control: no-cache
< Pragma: no-cache
<
* Closing connection 0
* Issue another request to this URL: 'https://crbug.com/'
* Trying 74.125.248.71...
* Connected to crbug.com (74.125.248.71) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=build.chromium.org
* start date: Mar 15 14:25:03 2016 GMT
* expire date: Dec 15 00:00:00 2016 GMT
* subjectAltName: host "crbug.com" matched cert's "crbug.com"
* issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: crbug.com
> User-Agent: curl/7.50.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Wed, 31 Aug 2016 17:45:27 GMT
< Server: Apache
< Location: https://bugs.chromium.org/p/chromium/
< Vary: Accept-Encoding
< Content-Length: 221
< Content-Type: text/html; charset=iso-8859-1
< Strict-Transport-Security: max-age=15811200
<
* Ignoring the response-body
* Connection #1 to host crbug.com left intact
* Issue another request to this URL: 'https://bugs.chromium.org/p/chromium/'
* Trying 108.177.14.121...
* Connected to bugs.chromium.org (108.177.14.121) port 443 (#2)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to bugs.chromium.org:443
* Closing connection 2
curl: (35) Unknown SSL protocol error in connection to bugs.chromium.org:443