I have confirmed my server is supporting tls1.2 with the help of following command.
openssl s_client -connect shop.domain.org:443 -tls1_2
The above command returned a certificate chain and handshake.
But if I check the same with Paypal it failed with following errors. I have executed it from my server.
curl https://tlstest.paypal.com
curl: (35) Unknown SSL protocol error in connection to tlstest.paypal.com:443
wget https://tlstest.paypal.com
--2016-03-07 11:48:29-- https://tlstest.paypal.com/
Resolving tlstest.paypal.com... 104.66.242.99
Connecting to tlstest.paypal.com|104.66.242.99|:443... connected.
Unable to establish SSL connection.
Can somebody explain me why my test with PayPal is failed?
To fix this issue I have modified code to the following
# php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch));'
and it returned a value like
PayPal_Connection_OKbool(true)
Related
I have on Windows server certificate which is valid and active and WinRM listener is active as well on port 5986 (telnet works) for WinRM connection that needs to be established from the Linux server.
I didn't copy that certificate anywhere on the linux server as I do not know where that should be or how it should be configured.
If I try to establish WinRM connection I am getting this error on the Linux server.
openssl s_client -connect 10.7.147.210:5986
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 1367 bytes and written 447 bytes
Verification error: unable to verify the first certificate
I tried by referencing CAfile and CApath and cert option but without success:
openssl s_client -cert winrmcert.pem -key winrmcert.key -CApath . -connect 10.7.147.210:5986
openssl s_client -CAfile winrmcert.pem -connect 10.7.147.210:5986
Can you please help me what I need to do and configure on Linux server for certificate generated on Windows server for WinRM connection? I am not the expert for this topic so I would appreciate all useful instructions. Thank you
OS: CentOS release 6.9 (Final)
CURL: curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Hello,
I have a host which I am trying to run a curl command from, for testing only
curl https://api.twitter.com/ -v
Returns the below
* About to connect() to api.twitter.com port 443 (#0)
* Trying 104.244.42.2... connected
* Connected to api.twitter.com (104.244.42.2) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error
After some lengthy reading I have come to the conclusion this is possibly a SLL issue due to either my OS version or CURL version, or both!
First question would be is that right? Are there indeed known issues with this configuration?
Second, can I build from source a working combination? I am unable to update my OS due to legacy dependencies
Try with specific ssl/tls or cipher suits for example: curl --tlsv1.2 https://api.twitter.com/
Since you say this is for testing only, you could try -k to connect insecurely:
curl -k https://api.twitter.com/
Or, if you think it’s an outdated SSL cert bundle you could download a newer certificate and trust store from the internet and try that by using the --cert and --cacert options
Rebuild a fresh server running centos 7
Worked straight away no issues!
I am encountering error during handshake while trying to use the certificate for HTTPS connection to apiv2.unificationengine.com/v2/user/list
Configuration Setup:
HTTPS Configuration
Certificate Used for connection:
Server Certificate
Error:
HttpClient.request: request failed: unable to establish connection to apiv2.unificationengine.com:443 - IPcon: SSL session failed with error: "SapSSLSessionStartNB()==SSSLERR_SSL_READ
SSL:SSL_read() failed (536875072/0x20001040)
=> "received a fatal SSLv3 handshake failure alert message from the peer"
>> ---- SecuSSL ErrStack: ----
0x20001040 | SAPCRYPTOLIB | SSL_read
SSL API error
received a fatal SSLv3 handshake failure alert message from the peer
0xa0600266 | SSL | ssl3_read_bytes
received a fatal SSLv3 handshake failure alert message from the peer
0xa0600266 | SSL | ssl3_read_bytes
received a fatal SSLv3 handshake failure alert message from the peer
<< ---------------------------
SSL:SSL_get_state()==0x2120 "SSLv3 read server hello A"
SSL NI-hdl 3: local=10.117.96.122:51038 peer=10.117.18.16:8080
cli SSL session PSE "#_MemPSE_#153191466869762214968424"
Target Hostname="apiv2.unificationengine.com"
"
Appreciate your help to resolve this issue. Please advise if you need more information on this.
Thanks & Best Regards,
AP
Unificationengine will support all TLS version not ssl2 or ssl3
I've looked at several similar questions here, but none of them have helped me. I want to connect to a web service that uses single-sign-on via an RSA SecurID keyfob. I start by trying to load any cookies provided by the initial GET request. Here's my command:
curl -A "Mozilla/5.0" -L -b cookies.txt -c cookies.txt -v -X GET \
https://sso.example.com/sso/login.htm
I get this in response:
* About to connect() to sso.example.com port 443 (#0)
* Trying 23.12.245.199... connected
* Connected to sso.example.com (23.12.245.199) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to sso.example.com:443
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to sso.example.com:443
Here's what I'm using:
# curl --version
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
# more /etc/*-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 3
# uname -r
3.0.101-0.21-default
Any ideas?
This is OpenSSL in your client that has a problem to understand what the server is saying and it errors out because of that.
You can sometimes work around these kinds of issues by forcing curl to speak SSLv3 (-3), TLS1.0 (-1) or even SSLv2 (-2)
... it is also conceivable that your severely outdated versions of curl and OpenSSL simply have a bug or two that cause this and that you can fix this problem by upgrading to modern versions (and then also fix the numerous security problems your versions contain).
I cant seem to get secure content through port 8080 to an Azure VM.
Regular SSL traffic through port 443 is fine, However when setting an endpoint for port 8080 and then trying to access it I'm receiving the following error:
handshake to www.... failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream.
Firewall Inbound and Outbound rules have been created.
Certificate is the same one that is being used for port 443 traffic without any issue.
thank you for your help.
the output from openssl s_client -connect is:
CONNECTED(0000019C)
27308:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 321 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
error in s_client
edit (solved):
The issues seems to be a bug in NodeJS. I downgraded from 0.10.29 to 0.10.26 and now everything works as expected.