« CURL with GoDaddy | Home | DynaPDF PDF/A »

More SSL Trouble


Today we had a client who wants to use our MBS Plugins to list a directory on a FTP server. It works well without encryption, but fails with SSL. The questions why?

First thing was to enable verbose (OptionVerbose) to see log and got those messages:

AUTH SSL
500 This security scheme is not implemented
AUTH TLS
234 AUTH TLS OK.
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS alert, Server hello (2):
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

So the server does not support SSL, but only TLS. And for TLS we got a handshake error, probably because we started with SSLv2. Because with OptionSSLCipherList set to "SSLv3", we got further a step:

SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem: unable to get local issuer certificate

Now we just need to disable verification of peer and host or provide the right certificate and it works!
Just one of the new challenges we got recently. Due to bugs in SSL, a lot of servers disable SSL and only allow via TLS.
20 11 14 - 11:29
No comments

  
Remember personal info?

Emoticons / Textile


Notify:
Hide email:

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.