Hey DA Community,
Last night i did a server upgrade and somehow, curl/ openssl seem to not playing nice anymore.
And since a client needs to contact his gateway provider:
This gives me a headache:
curl -v https://www.mollie.com
( This command fails 7 out of 20 times with an error code curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443 )
Will give me this output:
* Trying 87.233.95.2:443...
* TCP_NODELAY set
* Connected to www.mollie.com (87.233.95.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443
And openssl:
openssl s_client -connect www.mollie.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1572073270
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Curl version:
curl 7.66.0
curl 7.66.0 (x86_64-pc-linux-gnu) libcurl/7.66.0 OpenSSL/1.0.2k-fips zlib/1.2.7 nghttp2/1.39.2
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
So somehow i get the feeling this is version related or protocol version related, als my backups with curl/ ssl are also failing now.
Does anybody have a idea on which way to go ?
(Oh and as a sidenote, almost every other url i try with curl, doesnt give me an error !?)
Last night i did a server upgrade and somehow, curl/ openssl seem to not playing nice anymore.
And since a client needs to contact his gateway provider:
This gives me a headache:
curl -v https://www.mollie.com
( This command fails 7 out of 20 times with an error code curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443 )
Will give me this output:
* Trying 87.233.95.2:443...
* TCP_NODELAY set
* Connected to www.mollie.com (87.233.95.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.mollie.com:443
And openssl:
openssl s_client -connect www.mollie.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1572073270
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Curl version:
curl 7.66.0
curl 7.66.0 (x86_64-pc-linux-gnu) libcurl/7.66.0 OpenSSL/1.0.2k-fips zlib/1.2.7 nghttp2/1.39.2
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL UnixSockets
So somehow i get the feeling this is version related or protocol version related, als my backups with curl/ ssl are also failing now.
Does anybody have a idea on which way to go ?
(Oh and as a sidenote, almost every other url i try with curl, doesnt give me an error !?)