http-client組件ssl報(bào)錯(cuò)

Jason X 更新于2025-03-15

問題描述

這里詳細(xì)描述問題
協(xié)程環(huán)境下使用httpclient組件請求https接口，會(huì)出現(xiàn)報(bào)錯(cuò)
NOTICE Socket::ssl_connect(fd=13) to server[xx.xx.xx.xx:443] failed. Error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure[1|1040]
捕獲拋出的異常：The connection to xx.com has been closed

服務(wù)器上用openssl 測試openssl s_client -connect xxx.com:443 -servername xxx.com -tls1_2 正常
請問是否需要通過指定ssl協(xié)議版本來解決？或者是哪兒的問題。。

程序代碼

這里粘代碼

$parallelOptions = [
'max_conn_per_addr' => 100,// 每個(gè)域名最多維持多少并發(fā)連接
'keepalive_timeout' => 15,// 連接多長時(shí)間不通訊就關(guān)閉
'connect_timeout' => 30,// 連接超時(shí)時(shí)間
'timeout' => 30,// 請求發(fā)出后等待響應(yīng)的超時(shí)時(shí)間
'context' => [
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT,
],
],
];
$requestOption = [
"method" => "GET",
'version' => '1.1',
];
$url = "https://xx.com";
$coroutineHttp = new \Workerman\Http\Client($parallelOptions);
$requestRs = $coroutineHttp->request(trim($url),$requestOption);

操作系統(tǒng)及workerman/webman等框架組件具體版本

這里寫具體的系統(tǒng)環(huán)境相關(guān)信息
PHP版本
php -v
PHP 8.1.31 (cli) (built: Mar 14 2025 18:20:13) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.31, Copyright (c) Zend Technologies

openssl版本：
OpenSSL support => enabled
OpenSSL Library Version => OpenSSL 1.1.1o 3 May 2022

openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021 (Library: OpenSSL 1.1.1o 3 May 2022)

composesr版本：
"workerman/workerman": "~5.1",
"workerman/webman-framework": "~2.1",
"workerman/http-client": "~3.0",
"webman/database": "~2.1",
"webman/redis": "~2.1"

協(xié)程環(huán)境：
'eventLoop' => Workerman\Events\Swoole::class,

 741  4 1

4個(gè)回答

luoyue 2025-03-15

我也遇到過，原因是swoole沒有開啟openssl。
編譯swoole命令：

pecl install -D 'enable-openssl="yes"' swoole

Jason X 2025-03-15

我感覺確實(shí)是ssl有點(diǎn)問題，測試請求http的接口就沒異常，但是我看phpinfo中swoole似乎已經(jīng)支持openssl了

swoole

Swoole => enabled
Author => Swoole Team team@swoole.com
Version => 5.1.5
Built => Mar 15 2025 12:34:57
coroutine => enabled with boost asm context
epoll => enabled
eventfd => enabled
signalfd => enabled
cpu_affinity => enabled
spinlock => enabled
rwlock => enabled
sockets => enabled
openssl => OpenSSL 1.1.1k FIPS 25 Mar 2021
dtls => enabled
http2 => enabled
json => enabled
pcre => enabled
zlib => 1.2.7
brotli => E16777225/D16777225
mutex_timedlock => enabled
pthread_barrier => enabled
futex => enabled
async_redis => enabled

Directive => Local Value => Master Value
swoole.display_errors => On => On
swoole.enable_coroutine => On => On
swoole.enable_fiber_mock => Off => Off
swoole.enable_library => On => On
swoole.enable_preemptive_scheduler => Off => Off
swoole.unixsock_buffer_size => 8388608 => 8388608
swoole.use_shortname => On => On
超高級的稻姬 2025-03-17

可以嘗試編譯swoole的時(shí)候，選擇更加新的openssl版本，如1.1.1或者直接使用3.x
Jason X 2025-03-17

好的，試過用1.1.1了還是不行，今天再編譯3.x的測試下看看
超高級的稻姬 2025-03-17

1.1.1的最后一個(gè)版本是1.1.1w，你現(xiàn)在的是k差了12個(gè)小版本呢
Jason X 2025-03-17

1.1.1w也實(shí)測過不行。。o(╥﹏╥)o

Jason X 2025-03-18

早上測試手動(dòng)編譯了openssl3.x也還是一樣的問題，ssl的請求都會(huì)異常（要么提示timeout，要么提示handshake failure），目前排查發(fā)現(xiàn)的是TcpConnection中這處代碼的異常

Jason X 2025-03-18

設(shè)置'eventLoop' => Workerman\Events\Fiber::class,則請求正常，設(shè)置為Workerman\Events\Swoole::class則異常，不知道是不是跟swoole的阻塞自動(dòng)協(xié)程有關(guān)系？
超高級的稻姬 2025-03-18

我去swoole的github上看了一下，5.1.6版本修復(fù)了一個(gè)tcp不支持ssl的bug這個(gè)問題可能和你的問題有關(guān)，如果你使用的是5.1.5的話可以嘗試更新一下版本，現(xiàn)在最新的是5.1.7 https://github.com/swoole/swoole-src/releases