Problem description:

I'm getting a timeout trying to consume UPS's online tools API through PHP + Curl. This issue started happening this morning. I can reproduce the issue using Curl directly on Ubuntu 14.04 from bash. However, on Ubuntu 16.04, I can connect without any issues.

UPS support wasn't particularly helpful:

Which of these servers have completed the TLS 1.2 migration is not known. It is suggested to make sure that your security protocol is enabled for TLS 1.0, 1.1 and 1.2 for the time being. Though having the full stack should minimize problems, as negotiation will utilize the highest agreed-upon supported protocol by both parties.

Here's the verbose output on 14.04:

    [email protected]:/etc/ssl/certs# curl https://onlinetools.ups.com -v
    * Rebuilt URL to: https://onlinetools.ups.com/
    * Hostname was NOT found in DNS cache
    * Trying 153.2.228.76...
    * connect to 153.2.228.76 port 443 failed: Connection timed out
    * Trying 153.2.224.76...
    * After 86387ms connect time, move on!
    * connect to 153.2.224.76 port 443 failed: Connection timed out
    * Failed to connect to onlinetools.ups.com port 443: Connection timed out
    * Closing connection 0
    curl: (7) Failed to connect to onlinetools.ups.com port 443: Connection timed out

If I simply try to connect via OpenSSL, it also times out:

    [email protected]:/etc/ssl/certs# openssl s_client -connect onlinetools.ups.com:443

Any ideas what the problem is? Pointers on troubleshooting? Are you also having issues with this UPS API from Ubuntu 14.04?

Here are the versions of relevant libraries:

  1. Curl: tried both 7.50, with OpenSSL/1.0.2h; 7.35, with OpenSSL/1.0.1f
  2. OpenSSL: tried 1.0.2h and 1.0.1f

I tried pulling the cacerts from haxx.se and pointed Curl to it using the --cacerts arg, no luck.

I'm pretty much at a loss here ... what am I missing?

Community answer:

A connection timeout is a TCP-level problem and not an SSL/TLS problem. It is simply that it cannot connect to the host. You would not even manage to get a telnet or netcat to the peer in this case. Depending on how many targets are affected by the problem, it might be a firewall or router problem on the target's end (i.e. only this target affected) or some general network issue on your end (i.e. most hosts do not work).
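The distinction drawn in the answer above, as an added example that is not part of the original post: a probe that tries every address a hostname resolves to and reports the first layer that failed (DNS, TCP connect, or TLS handshake). The function name `probe` and the 5-second default timeout are assumptions made for this example.

```python
import socket
import ssl


def probe(host, port=443, timeout=5.0, context=None):
    """Return [(address, layer, detail), ...] for every address of `host`.

    layer is "dns", "tcp", "tls" or "ok" and names the first layer that failed.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, "dns", str(exc))]

    ctx = context or ssl.create_default_context()
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            # Plain TCP three-way handshake. A timeout, refusal or
            # "unreachable" here happens before any TLS byte is sent, so
            # protocol versions and CA bundles cannot be the cause.
            sock.connect(sockaddr)
        except OSError as exc:
            results.append((addr, "tcp", type(exc).__name__))
            sock.close()
            continue
        try:
            # Only now do TLS version, cipher and certificate settings matter.
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                results.append((addr, "ok", tls.version()))
        except (ssl.SSLError, OSError) as exc:
            results.append((addr, "tls", type(exc).__name__))
        finally:
            sock.close()
    return results


if __name__ == "__main__":
    # Hostname taken from the question; run from both the failing and the
    # working machine and compare the per-address results.
    for addr, layer, detail in probe("onlinetools.ups.com"):
        print(f"{addr:40} {layer:4} {detail}")
```

A "tcp" result for every address on one machine and "ok" on another points at routing or firewalling between the failing machine and the target, not at the curl or OpenSSL build.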
