I am having trouble connecting to a https url from machine A but not
from machine B.
Both machines are on the same network, but machine A is debian-testing
and machine B is ubuntu 10.04. (both 64bit)
It is a perl script that is doing the connecting (same script on both
machines), on machine A it was reporting:
"500 Can't connect to api.channeladvisor.com:443 "
... but not failing at all on B
After doing some investigating, it seems the error message is a bit
misleading, as I CAN connect to the host on port 443 .. some more
investigation shows that when I run this:
openssl s_client -host api.channeladvisor.com -port 443
.. on machine B, I see nothing worrying and I can "GET /" the html page.
(it's a forbidden page, but it returns nonetheless)
.. but on machine A, I get the following error:
no peer certificate available
After some more investigation I found that if I add "-cipher 3DES" to
the command so it becomes:
openssl s_client -host api.channeladvisor.com -port 443 -cipher 3DES
It works! :)
So this leaves me with a few questions/concerns.
Why do I have to add the "-cipher" switch to get this to work?
I am guessing there is a slight problem with the cert at
"api.channeladvisor.com" as not all https sites have this problem ...
with that in mind I guess "testing" has been updated with stricter SSL
processing.... or is this a bug?
If this is a bug I would like to report it
.. or ...
Does anyone know how to "loosen" the SSL processing rules so the
cert at api.channeladvisor.com is deemed valid?
I don't really know what I am doing but I can use google and the command
line.. so sorry if I missed any important detail or broke a list rule
somehow... I am just a bit stuck :(
PS. I have tried this on gentoo and centos and all seem to be ok .. just
"testing" seems to display this problem
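
The check described in the post, repeated across several cipher strings, as an added example that is not part of the original message: it classifies `openssl s_client` output as a completed or failed handshake and reports the negotiated cipher. The function names, the cipher strings other than 3DES, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: narrow a TLS handshake failure down to a cipher family.

# classify_handshake: read `openssl s_client` output on stdin, print "ok" or "fail".
classify_handshake() {
    out=$(cat)
    case "$out" in
        # Markers s_client prints when no handshake completed.
        *"no peer certificate available"*|*"Cipher is (NONE)"*) echo fail; return ;;
    esac
    case "$out" in
        *"Cipher is "*) echo ok ;;   # summary line names a real cipher
        *) echo fail ;;              # e.g. connection refused, no cipher match
    esac
}

# negotiated_cipher: print the cipher name from the "New, ..., Cipher is X" line.
negotiated_cipher() {
    sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1
}

# probe HOST PORT: try each cipher string in turn (needs network access).
# The list is an assumption; a string the local OpenSSL build lacks shows as "fail".
probe() {
    for c in DEFAULT 3DES AES RC4; do
        res=$(openssl s_client -connect "$1:$2" -cipher "$c" </dev/null 2>&1)
        printf '%-8s %-5s %s\n' "$c" \
            "$(printf '%s\n' "$res" | classify_handshake)" \
            "$(printf '%s\n' "$res" | negotiated_cipher)"
    done
}

# Constructed sample outputs (abridged), so the parsing can be checked offline.
SAMPLE_FAIL='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'
SAMPLE_OK='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA'

printf '%s\n' "$SAMPLE_FAIL" | classify_handshake
printf '%s\n' "$SAMPLE_OK" | classify_handshake
# Live run against the host from the post: probe api.channeladvisor.com 443
```

A row that fails for DEFAULT but succeeds for a single family points at cipher negotiation rather than at certificate validation.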