I am encountering error during handshake while trying to use the certificate for HTTPS connection to apiv2.unificationengine.com/v2/user/list
Configuration Setup:
HTTPS Configuration
Certificate Used for connection:
Server Certificate
Error:
HttpClient.request: request failed: unable to establish connection to apiv2.unificationengine.com:443 - IPcon: SSL session failed with error: "SapSSLSessionStartNB()==SSSLERR_SSL_READ
SSL:SSL_read() failed (536875072/0x20001040)
=> "received a fatal SSLv3 handshake failure alert message from the peer"
>> ---- SecuSSL ErrStack: ----
0x20001040 | SAPCRYPTOLIB | SSL_read
SSL API error
received a fatal SSLv3 handshake failure alert message from the peer
0xa0600266 | SSL | ssl3_read_bytes
received a fatal SSLv3 handshake failure alert message from the peer
0xa0600266 | SSL | ssl3_read_bytes
received a fatal SSLv3 handshake failure alert message from the peer
<< ---------------------------
SSL:SSL_get_state()==0x2120 "SSLv3 read server hello A"
SSL NI-hdl 3: local=10.117.96.122:51038 peer=10.117.18.16:8080
cli SSL session PSE "#_MemPSE_#153191466869762214968424"
Target Hostname="apiv2.unificationengine.com"
"
Appreciate your help to resolve this issue. Please advise if you need more information on this.
Thanks & Best Regards,
AP
Unificationengine will support all TLS version not ssl2 or ssl3
Related
What version of gRPC and what language are you using?
#grpc/grpc-js - 1.5.10
What operating system (Linux, Windows,...) and version?
server running in a docker container on azure cloud
What did you do?
I have created a grpc server with SSL. It is a test server, where I use self signed certificates for server. The connection between server and client works fine. But I enabled the debug and trace (tcp, http) logs on the server. I keep getting handshake failed error.
I0427 12:07:40.319067700 18 tcp_server_custom.cc:224] SERVER_CONNECT: 0x7f06409cf3a0 accepted connection: ipv4:10.92.0.9:52824
I0427 12:07:40.319239300 18 tcp_custom.cc:353] Creating TCP endpoint 0x7f0640c78430
I0427 12:07:40.319432800 18 tcp_custom.cc:174] TCP:0x7f0640c78430 read_allocation_done: "No Error"
I0427 12:07:40.319503900 18 tcp_custom.cc:191] Initiating read on 0x7f0640c78430: error="No Error"
I0427 12:07:40.331081600 18 tcp_custom.cc:127] TCP:0x7f0640afea60 call_cb 0x7f0641ed57e0 0x7f0640848b90:0x7f0641ed5610
I0427 12:07:40.331206000 18 tcp_custom.cc:131] read: error={"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}
D0427 12:07:40.331327300 18 security_handshaker.cc:176] Security handshake failed: {"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
I0427 12:07:40.331412400 18 tcp_custom.cc:287] TCP 0x7f0640afea60 shutdown why={"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
D0427 12:07:40.331443800 18 chttp2_server.cc:122] Handshaking failed: {"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
### Anything else we should know about your project / environment?
I have an envoy proxy also running for the grpc server to make grpc-web requests.
Node version: node:14-alpine
When I try to connect to Hyperledgerpeer with TLS enabled I get the following error. If I disable TLS it works well.
{ Error: Failed to connect before the deadline URL:grpcs://localhost:7051
at checkState (/Users/pro/fabric-client/node_modules/grpc/src/client.js:720:16) connectFailed: true }
Did anyone come across this? I have set up TLS Cert and key on docker env variables.
I recently observed some SSL errors while trying to connect to https://graph.windows.net from a Java code.
The errors are random but represent 1 error for 10 requests
Does someone has the same problem ?
It's possible to try by using the SSLPOKE utility
(https://gist.github.com/4ndrej/4547029)
We are also getting this looking at a trace in curl (curl --trace foo.txt https://graph.windows.net) when it fails it looka as though the return certificate get truncated at the same place in the return
Good Request
== Info: Connected to graph.windows.net (104.41.216.30) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 4472 bytes (0x1178)
Bad Request
== Info: Connected to graph.windows.net (104.41.216.31) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 3051 bytes (0xbeb)
Failing on line
0be0: 2a c7 29 46 23 58 9f 01 0f 2a b2 *.)F#X...*.
Interestingly I have been testing this more and have found this IP graph.windows.net (104.41.216.31) coming up more that once in a failed request. So not sure if that is a sick host
I am also seeing the same problem in our PHP app since 2017-02-03 13:12:00GMT
Specifically the error is:
cURL error 60: SSL certificate problem: unable to get local issuer certificate.
Happens about once every 7-10 requests.
They fixed it I think,
I had the same problem yesterday (06/02/2017) on two different servers:
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
And after doing some tests this morning it's not reproducible anymore.
I have confirmed my server is supporting tls1.2 with the help of following command.
openssl s_client -connect shop.domain.org:443 -tls1_2
The above command returned a certificate chain and handshake.
But if I check the same with Paypal it failed with following errors. I have executed it from my server.
curl https://tlstest.paypal.com
curl: (35) Unknown SSL protocol error in connection to tlstest.paypal.com:443
wget https://tlstest.paypal.com
--2016-03-07 11:48:29-- https://tlstest.paypal.com/
Resolving tlstest.paypal.com... 104.66.242.99
Connecting to tlstest.paypal.com|104.66.242.99|:443... connected.
Unable to establish SSL connection.
Can somebody explain me why my test with PayPal is failed?
To fix this issue I have modified code to the following
# php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch));'
and it returned a value like
PayPal_Connection_OKbool(true)
I cant seem to get secure content through port 8080 to an Azure VM.
Regular SSL traffic through port 443 is fine, However when setting an endpoint for port 8080 and then trying to access it I'm receiving the following error:
handshake to www.... failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream.
Firewall Inbound and Outbound rules have been created.
Certificate is the same one that is being used for port 443 traffic without any issue.
thank you for your help.
the output from openssl s_client -connect is:
CONNECTED(0000019C)
27308:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 321 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
error in s_client
edit (solved):
The issues seems to be a bug in NodeJS. I downgraded from 0.10.29 to 0.10.26 and now everything works as expected.