R: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Server SSL Protocols: TLS 1.1, TLS 1.2 are enabled in the server
Works with the REDCapR library, which is using the same handshake protocol. I've verified the request headers with the Fiddler tool. This proves that the server is accepting sslv3 alert handshakes successfully. I'm not sure why RCurl is failing for the same protocol.
Let me know if you need any more information. Thanks in advance!
Curl - Version 3.2,
RCurl - Version 1.95-4.11,
httr - Version 1.3.1,
openssl - Version 1.1

Related

BouncyCastle ALPN broken when running with JDK 11 code compiled with JDK 8

I set up my JDK provider with:
    Security.addProvider(new BouncyCastleFipsProvider());
and set it in the gRPC client with:
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
        .sslProvider(SslProvider.JDK)
        .applicationProtocolConfig(new ApplicationProtocolConfig(
            ApplicationProtocolConfig.Protocol.ALPN,
            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
            Collections.singletonList("h2")));
When trying to establish the connection, after a successful SSL handshake, I get:
UNAVAILABLE: Failed ALPN negotiation: Unable to find compatible protocol
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
I'm using grpc 1.44 version + bc-fips.jar 1.0.2 version.
Running my app by java 11.0.15 compiled by jdk1.8.0_291.jdk.
It looks like BouncyCastleFipsProvider, through its SSLParamertesUtil class, somehow removes "h2" from the suggested application protocols list.
Increasing the grpc version to 1.46 didn't help.
Any suggestions please?
Thanks.

How can I allow sha1WithRSAEncryption during nginx ssl_client_verify?

My nginx server is successfully verifying most (expected) client certificates, but some older client certificates are getting "400 Bad Request The SSL certificate error" and producing this log entry -- "client SSL certificate verify error: (68:CA signature digest algorithm too weak)"
Is there a way to allow older signature digest algorithms?
Running openssl list -digest-algorithms shows sha1RSA, but it isn't included in the TLSv1.2 - Handshake Protocol - Certificate Request Message.
Versions:
- helm chart nginx-ingress v1.1.3
- nginx-ingress-controller v0.21.0
- nginx v1.15.6
- openssl 1.1.1
-- Update --
To verify client certificates that are signed with weak digest algorithms, append @SECLEVEL=0 to your ssl_ciphers list, i.e. ssl_ciphers 'HIGH:!aNULL:!MD5@SECLEVEL=0';
discussion and openssl reference.
I don't understand the full implications of @SECLEVEL, so the best solution is to push for updated client certificates!

How to install specific version 3.3.1 of R in CentOS

I'm trying to install R_3.3.1 on CentOS.
So I downloaded the tar file and built it.
During the build I got some errors because of dependencies.
I solved these errors by following https://oguya.ch/posts/2017-03-18-building-R-on-rhel-6/.
But at the libcurl step, I can't solve it.
checking if libcurl is version 7 and >= 7.28.0... yes
checking if libcurl supports https... no
configure: error: libcurl >= 7.28.0 library and headers are required with support for https
and my curl version is 7.47.1, so I think the version does not matter
[nubiz@localhost R-3.3.1]$ curl --version
curl 7.47.1 (x86_64-pc-linux-gnu) libcurl/7.47.1 zlib/1.2.8
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp
but the error says this libcurl can't use http.
So is there any version that can use http, or some way around this error?
I checked which protocols I can use in curl with the command 'curl-config --protocols',
and I can only use HTTP, like this:
DICT
FILE
FTP
GOPHER
HTTP
IMAP
POP3
RTSP
SMTP
TELNET
TFTP
Can HTTPS be enabled?

TLS v1 disable options in Corda

Does anybody know if it is possible to disable TLS v1 in Corda Artemis? I know Corda uses TLS v1.2, but our problem is that TLS v1 is enabled in the system.
If I run "openssl s_client -connect IP:port -tls1" I get a successful response. Is there a way to disable TLS v1 in Corda? Thanks!!
TLS1 is not enabled. If you run openssl s_client -connect IP:port -tls1 and try and connect to a node, you get a wrong version number error, indicating that TLS1 is not supported.
The list of supported TLS versions can be found here: https://github.com/corda/corda/blob/master/node-api/src/main/kotlin/net/corda/nodeapi/ArtemisTcpTransport.kt. Only v1.2 is supported.

How to fetch this URL? Getting SSL handshake error

I'm trying to fetch the following URL via various libraries and command-line tools, but running into a SSL handshake error.
> curl https://www.joelosteen.com/Views/RSS/Feed?t=PodcastVideo&ct=CustomList&cst=Podcasts
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
I've seen here it may be fixed by reducing possible ciphers, but trying this less strict call with restricted ciphers doesn't fix it.
curl -vlkL "https://www.joelosteen.com/Views/RSS/Feed?t=PodcastVideo&ct=CustomList&cst=Podcasts" --ciphers DHE-RSA-AES256-SHA
Any ideas how I can fix this? It's a shared account, ie no root available.
The server supports only TLS version 1.2, i.e. no TLS 1.0 or even SSL 3.0. My guess is that the curl you use is simply too old to use TLS 1.2, but without further details about the version you use this guess can not be verified.
To determine the version of curl, use curl --version. If you see it is compiled with OpenSSL, then it should show at least version 1.0.1 of OpenSSL to have TLS 1.2 support.
curl -vlkL ... --ciphers DHE-RSA-AES256-SHA
This is not a cipher supported by the server. One of the ciphers supported is AES128-SHA but again, no chance if your curl does not support TLS 1.2.
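Both error strings quoted on this page (the RCurl question at the top and the curl question above) carry a packed OpenSSL error code whose reason field identifies the TLS alert sent by the peer. The added example below, which is not part of any post here, decodes them; it assumes the pre-3.0 OpenSSL packing of 8 bits library, 12 bits function and 12 bits reason, and its function names are its own.

```python
import re

# Added example. Assumes the pre-3.0 OpenSSL packing of error codes:
# 8 bits library, 12 bits function, 12 bits reason.
ERR_LIB_SSL = 0x14            # the library OpenSSL prints as "SSL routines"
SSL_AD_REASON_OFFSET = 1000   # SSL reasons above this map to alerts sent by the peer

# Subset of the TLS alert descriptions in RFC 5246, section 7.2.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}

ERROR_CODE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# The two error lines quoted on this page.
PAGE_ERRORS = [
    "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure",
    "curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error",
]

def decode_openssl_error(line):
    """Return library, function, reason and peer alert for a packed error code."""
    match = ERROR_CODE.search(line)
    if match is None:
        return None
    code = int(match.group(1), 16)
    fields = {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
              "reason": code & 0xFFF, "peer_alert": None}
    if fields["lib"] == ERR_LIB_SSL and fields["reason"] > SSL_AD_REASON_OFFSET:
        number = fields["reason"] - SSL_AD_REASON_OFFSET
        fields["peer_alert"] = (number, TLS_ALERTS.get(number, "unlisted"))
    return fields

def explain(line):
    fields = decode_openssl_error(line)
    if fields is None:
        return "no packed OpenSSL error code found"
    if fields["peer_alert"] is None:
        return "local error, reason %d" % fields["reason"]
    return "peer sent alert %d (%s)" % fields["peer_alert"]

if __name__ == "__main__":
    for line in PAGE_ERRORS:
        print(explain(line))
```

In these reason strings the `sslv3` or `tlsv1` prefix records which specification introduced the alert, so it says nothing about the protocol version the server negotiated.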
