curl: (35) 错误:0A000152:SSL例程::不安全的遗留重新协商已禁用

像curl和wget这样的命令会出现以下错误：curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled。我正在使用WSL2 Ubuntu，并且在公司防火墙下。我已经将我的受信任的根CA证书导出到WSL并更新了证书。然而，当下载Jenkins、Terraform等工具时仍然遇到问题。例如，在尝试获取Jenkins时。

curl -fsSL http://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee   /usr/share/keyrings/jen
kins-keyring.asc > /dev/null
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled

我正在使用企业 VPN。如果没有 VPN，命令可以正常工作，但是在企业网络上使用 VPN 时，我会遇到这些错误。如果我与防火墙团队进行 SSL 绕过，则可以解决问题。不确定还有其他问题。

sudo vim /etc/ssl/openssl.cnf

`#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers

# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename

# This definition stops the following lines choking if HOME isn't
# defined.
HOME                    = .

 # Use this in order to automatically load providers.
openssl_conf = openssl_init

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

# Extra OBJECT IDENTIFIER info:
# oid_file       = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions            =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
"/etc/ssl/openssl.cnf" 397L, 12419B            `