| View previous topic :: View next topic |
| Author |
Message |
Shievone
n00b
Joined: 24 Feb 2017
Posts: 5
|
 Posted: Fri Feb 24, 2017 8:19 am Post subject: SSL problem handshake failure |
 |
|
Hey all,
I have a little problem with my gentoo system. I would like to download a website via php curl or file_get_contents, but I get a error message:
PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in /srv/..../monitor.php on line 16
PHP Warning: file_get_contents(): Failed to enable crypto in /srv/..../monitor.php on line 16
PHP Warning: file_get_contents(https://www.....com): failed to open stream: operation failed in /srv/..../monitor.php on line 16
I try it curl command without php, but the error message was same.
What is wrong or problem? Can you give me a good idea to resolve my problem?
Thanks |
|
| Back to top |
|
 |
Shievone
n00b
Joined: 24 Feb 2017
Posts: 5
|
| Posted: Sat Feb 25, 2017 7:01 am Post subject: |
|
|
| Any ideas? |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21633
|
| Posted: Sat Feb 25, 2017 3:54 pm Post subject: |
|
|
| What is the output of emerge --info --verbose dev-lang/php dev-libs/openssl net-misc/curl? What is the exact curl command you executed? Is the target site able to negotiate TLS with other clients, such as your preferred browser? If so, what browser are you using? What TLS version and ciphers does the peer negotiate? |
|
| Back to top |
|
|
Shievone
n00b
Joined: 24 Feb 2017
Posts: 5
|
| Posted: Sat Feb 25, 2017 5:01 pm Post subject: |
|
|
| Hu wrote: | | What is the output of emerge --info --verbose dev-lang/php dev-libs/openssl net-misc/curl? What is the exact curl command you executed? Is the target site able to negotiate TLS with other clients, such as your preferred browser? If so, what browser are you using? What TLS version and ciphers does the peer negotiate? |
- I prefered browser is chrome.
- The target website work fine via https, and my chrome don't give problem when I visit this site.
- This is the url: https://www.emaffia.hu
| Code: |
# curl https://www.emaffia.hu
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
|
| Code: |
# emerge --info --verbose dev-lang/php dev-libs/openssl net-misc/curl
Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0, gcc-4.9.3, glibc-2.23-r3, 4.4.6-gentoo x86_64)
=================================================================
System Settings
=================================================================
I deleted this section, but if need it, then I post.
=================================================================
Package Settings
=================================================================
dev-lang/php-5.6.26::gentoo was built with the following:
USE="apache2 berkdb bzip2 cli crypt ctype curl embed exif fileinfo filter gd gdbm hash iconv imap inifile intl ipv6 json mhash mysql mysqli nls opcache pcntl pdo phar posix postgres
readline session simplexml ssl tokenizer truetype unicode xml xmlreader xmlwriter zlib -bcmath -calendar -cdb -cgi -cjk -debug -enchant (-firebird) -flatfile -fpm -frontbase -ftp -gmp
-iodbc -kerberos -ldap -ldap-sasl -libedit -libmysqlclient (-libressl) -mssql -oci8-instant-client -odbc -qdbm -recode (-selinux) -sharedmem -snmp -soap -sockets -spell -sqlite -sybase-ct
-systemd -sysvipc -threads -tidy -vpx -wddx -xmlrpc -xpm -xslt -zip" ABI_X86="64"
dev-libs/openssl-1.0.2k::gentoo was built with the following:
USE="asm bindist sslv3 tls-heartbeat zlib -gmp -kerberos -rfc3779 -sctp -sslv2 -static-libs -test -vanilla" ABI_X86="64 -32 -x32" CPU_FLAGS_X86="sse2"
CFLAGS="-O2 -pipe -march=core2 -mtune=generic -fno-strict-aliasing -Wa,--noexecstack"
CXXFLAGS="-O2 -pipe -march=core2 -mtune=generic -fno-strict-aliasing -Wa,--noexecstack"
net-misc/curl-7.50.3::gentoo was built with the following:
USE="ipv6 ssl -adns -http2 -idn -kerberos -ldap -metalink -rtmp -samba -ssh -static-libs -test -threads" ABI_X86="64 -32 -x32" CURL_SSL="openssl -axtls -gnutls (-libressl) -mbedtls -nss -polarssl -winssl"
|
|
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
| Posted: Sat Feb 25, 2017 8:23 pm Post subject: |
|
|
| That curl command works fine here, but I'm using CURL_SSL=gnutls. |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21633
|
| Posted: Sat Feb 25, 2017 9:42 pm Post subject: |
|
|
| That server is hidden behind Cloudflare, a global CDN (which recently disclosed a serious security problem, but that is unlikely to matter here). As such, tests by other users might not reach the same host as tested by the OP. Qualys assigns an overall fairly positive score to the hosts it tested for that name. The peer lacks support for SSLv3, which is good, but could cause problems if your client only negotiates legacy protocol versions. |
|
| Back to top |
|
|
Shievone
n00b
Joined: 24 Feb 2017
Posts: 5
|
| Posted: Mon Feb 27, 2017 5:12 pm Post subject: |
|
|
| Hu wrote: | | That server is hidden behind Cloudflare, a global CDN (which recently disclosed a serious security problem, but that is unlikely to matter here). As such, tests by other users might not reach the same host as tested by the OP. Qualys assigns an overall fairly positive score to the hosts it tested for that name. The peer lacks support for SSLv3, which is good, but could cause problems if your client only negotiates legacy protocol versions. |
That's ok, but what can I do? Will I resolve my problem, if I use the curl command with gnutls? |
|
| Back to top |
|
|
Shievone
n00b
Joined: 24 Feb 2017
Posts: 5
|
| Posted: Tue Feb 28, 2017 5:42 pm Post subject: |
|
|
I resolved this problem.
I remove bindist use flag and rebuild openssl. Since then it is working normally. |
|
| Back to top |
|
|
Zubziro
Apprentice
Joined: 21 Sep 2005
Posts: 248
Location: Sweden
|
| Posted: Mon Feb 19, 2018 10:47 pm Post subject: |
|
|
| Shievone wrote: | I resolved this problem.
I remove bindist use flag and rebuild openssl. Since then it is working normally. |
Thank you!
I had similar failure in postfix, romoved bindist and it solved problem! |
|
| Back to top |
|
|
|
Other Things Gentoo
