[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SSL problem/help

Hello All,

I am having trouble connecting to a https url from machine A but not from machine B.

Both machines are on the same network, but machine A is debian-testing and machine B is ubuntu 10.04. (both 64bit)

It is a perl script that is doing the connecting (same script on both machines), on machine A it was reporting:
  "500 Can't connect to api.channeladvisor.com:443 "
 ... but not failing at all on B

After doing some investigating, it seems the error message is abit misleading, as I CAN connect to the host on port 443 .. some more investigation shows that when I run this:

  openssl s_client -host api.channeladvisor.com -port 443

.. on machine B, I see nothing worrying and I can "GET /" the html page. (it's a forbidden page, but it returns none the less)

.. but on machine A, I get the following error:

  no peer certificate available

After some more investigation I found that if I add "-cipher 3DES" to the command so it becomes:

  openssl s_client -host api.channeladvisor.com -port 443 -cipher 3DES

It works! :)

So this leaves me with a few questions/concerns.

Why do I have to add the "-cipher" switch to get this to work?

I am guessing there is slight problem with the cert at "api.channeladvisor.com" as not all https sites have this problem ... with that in mind I guess "testing" has been updated with stricter SSL processing.... or is this a bug?

If this is a bug I would like to report it
.. or ...
Does anyone know how to the "loosen" the SSL processing rules so the cert at api.channeladvisor.com is deemed valid?

I don't really know what I am doing but I can use google and the command line.. so sorry if I missed any important detail or broke a list rule somehow... i am just abit stuck :(


PS. I have tried this on gentoo and centos and all seem to be ok .. just "testing" seems to display this problem

Reply to: