php - Ubuntu cUrl/OpenSSL handshake failure with fritzbox


I tried to use a simple PHP script on a VPS to insert data into a fritz.box (6360 Cable).

anotherserver.net is a valid No-IP address of the FritzBox (and the FritzBox can be accessed publicly).

The PHP script tries to curl the server in an SSL session; however, it ends in a handshake error. I tried the simple curl command you can see below. The curl command ends in the same error. Confusingly, the -k/--insecure switch won't change that. Secondly, the openssl command you can see further below works totally fine.

root@server:/var/www/mycurl# curl -v -l --sslv3 --cacert cert_file.pem https://anotherserver.net
* Rebuilt URL to: https://anotherserver.net/
* Hostname was NOT found in DNS cache
*   Trying 37.xxx.xxx.xx...
* Connected to anotherserver.net (37.xxx.xxx.xx) port 443 (#0)
* set certificate verify locations:
*   CAfile: cert_file.pem
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

openssl:

root@server:/var/www/mycurl# openssl s_client -connect anotherserver.net:443 -CAfile cert_file.pem
CONNECTED(00000003)
depth=0 CN = anotherserver.net
verify return:1
---
Certificate chain
 0 s:/CN=anotherserver.net
   i:/CN=anotherserver.net
---
Server certificate
-----BEGIN CERTIFICATE-----
miiduzccaqogawibagijanstbhtxe9wfma0gcsqgsib3dqebbquambkxfzavbgnv bamtdmjqyxv4lmrkbnmubmv0mb4xdte0mdgxode1ntq0m1oxdtm4mdexnte1ntq0 m1owgtexmbuga1ueaxmoymphdxguzgrucy5uzxqwggeima0gcsqgsib3dqebaqua a4ibdwawggekaoibaqcy2fxzvufe1znusb5wxzrn3mhik9a2e+irbro9v7mq4rso fu1vyb0bp71r6vkcxunv7fp5nqnsmw6leijxkpjl6cla1lyp+e05schyfhcado7n /u3rpa2oc4oddh457zieuvizomxo2dgckjhjc8i2jtbyitcrbrvrxxudlrdsantn itd65clwvuolhkrxkqxkdfz7wj0xsdv4i5ttmocbb6lmd4yegtyxt2vwz6wrax1k l1yhslpxhqk+2wdfc42jdfyw4nvhbntrf7dc/pry9oi7rk1jxt9y8grt1xujl768 qjbrj2jc8ukicr9c6s02oikiidfpybryptwdkkt5agmbaagjggeemiibadadbgnv hq4efgqucsdrklzjgvumg25sgtdtbimwgz0wsqydvr0jbeiwqiaucsdrklzjgvum g25sgtdtbimwgz2hhaqbmbkxfzavbgnvbamtdmjqyxv4lmrkbnmubmv0ggka1jnu fnd71z8wdaydvr0tbauwaweb/zcbhqydvr0raqh/bhsweyioymphdxguzgrucy5u zxschgp6ohl6bxjsadvlctn4b2yubxlmcml0ei5uzxscewzyaxr6lmzvbndsyw4u ym94gglmcml0ei5ib3icdxd3dy5mcml0ei5ib3icc215znjpdhouym94gg93d3cu bxlmcml0ei5ib3gwdqyjkozihvcnaqefbqadggebaj5la2+3z2svwkorwmjlw3kk 3iz749hdak9gzyalp0hb5sshwjw6h20dedlsj4yo8rvsfw3tknosooylfdbg7ips orelil9ntqwns9djp2doeowphaacmyoudksovef0e6qfo9klkkau8temzuqsqsq2 p1mcfhx86pna8dlfg8hcmhw+avp/i889rlrp7zjtwiypy/pugpufhk34pnhegvg7 y2+bwnnaxvxvtefydbvpxsiudaegkqozybe1ajhv1b7y/esdx1levxoqpdu2juzt y2i9kr76r6eukmxiyibccgc8pn7dskql8m/xxxda6z6+zh8t32krhce0pern8yc=
-----END CERTIFICATE-----
subject=/CN=anotherserver.net
issuer=/CN=anotherserver.net
---
No client certificate CA names sent
---
SSL handshake has read 1109 bytes and written 631 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: a93d457b5df416dfa40f5934b6c2fc2e6365266104b3300b873e5fc89759e395
    Session-ID-ctx:
    Master-Key: 790abdc0b114c882b69fba693712c08aa43ea409b242f0b2e92eb953a8bc71dd16527f8b3561206a21fd11e7ea8dc04e
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1408397806
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

My server's OpenSSL version is:

root@server:/var/www/mycurl# openssl version
OpenSSL 1.0.1f 6 Jan 2014

My server's curl version is:

root@server:/var/www/mycurl# curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

The OpenSSL version of the fritz.box seems to be 0.98.

Edit 19.08.2014: cert_file.pem is in fact bjaux.ddns.net.pem, the cert file of "another server" (which is bjaux.ddns.net), downloaded with Google Chrome from the given site. I tried to rename it to bjaux-ddns-net.pem; curl still won't work. Please notice that openssl s_client returns verify return code 0, so openssl s_client works. Totally. And it has worked since ever. It's the curl command that gets the handshake problem.

The server at the FRITZ!Box seems to support 2 ciphers: RC4-SHA and RC4-MD5. While openssl s_client offers these ciphers, curl does not. It looks like they've explicitly removed the RC4 ciphers, see http://curl.haxx.se/mail/tracker-2014-03/0014.html.

If you explicitly add the --ciphers 'rc4-sha' option, the connection succeeds.
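The same fix applied from the PHP side, as an added example that is not part of the original question or answer: the cipher override is set on a single cURL handle only, and certificate verification stays on by pinning the downloaded certificate as the CA instead of using -k/--insecure. The host name, the path to the certificate file and the function name are assumptions for illustration.

```php
<?php
// Added example (not the original poster's script): PHP/cURL request to a
// legacy device that only offers RC4-SHA/RC4-MD5. The cipher override is
// limited to this handle so the rest of the application keeps libcurl's
// default, stronger list. Host, CA path and function name are assumptions.

function fetchFromLegacyBox(string $url, string $caFile, string $cipherList = 'RC4-SHA'): array
{
    $ch = curl_init($url);

    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        // Keep peer verification on: the box presents a self-signed cert,
        // so use the cert downloaded from it as the trust anchor.
        CURLOPT_CAINFO          => $caFile,
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,
        // curl 7.35 dropped RC4 from its default cipher list (see the
        // tracker mail linked in the answer); re-enable it for this handle
        // only. RC4 is deprecated (RFC 7465), so treat this as a per-device
        // compatibility workaround, not an application-wide setting.
        CURLOPT_SSL_CIPHER_LIST => $cipherList,
        CURLOPT_TIMEOUT         => 10,
    ]);

    $body = curl_exec($ch);
    $result = [
        'ok'     => $body !== false,
        'errno'  => curl_errno($ch),   // 35 = CURLE_SSL_CONNECT_ERROR (handshake failed)
        'error'  => curl_error($ch),
        'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'verify' => curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT), // 0 = certificate verified
        'body'   => $body === false ? '' : $body,
    ];
    curl_close($ch);
    return $result;
}

// Assumed values: the No-IP name from the question and the cert file downloaded from it.
$r = fetchFromLegacyBox('https://anotherserver.net/', __DIR__ . '/cert_file.pem');

if (!$r['ok']) {
    // Without CURLOPT_SSL_CIPHER_LIST this is the same errno 35
    // "sslv3 alert handshake failure" the command-line curl shows above.
    fwrite(STDERR, "curl failed ({$r['errno']}): {$r['error']}\n");
    exit(1);
}
printf("HTTP %d, certificate verify result %d, %d bytes received\n",
    $r['status'], $r['verify'], strlen($r['body']));
```

Two practical notes: the `errno` field lets a script tell a cipher mismatch (35) apart from an untrusted certificate (60, CURLE_SSL_CACERT), which is the case -k/--insecure would mask; and newer OpenSSL builds disable RC4 by default, so on a current client this cipher string itself fails. Updating the device firmware so it offers a modern cipher suite is the lasting fix.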
