At some servers (few) when I connect with them via https I get the message “connection was reset”.
This message, or another with the same meaning, I get from any browser (Chrome, Firefox, Opera, wget, curl) or other clients that try to connect using various environments, like Apache Cordova using nodejs for example.
Or Firefox returns:
The connection was reset
The connection to the server was reset while the page was loading.
I think that source of this issue is in following:
openssl s_client -connect git-wip-us.apache.org:443 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL_connect:error in SSLv2/v3 read server hello A
read:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
At some servers (few) when I connect with them via https I get the
message “connection was reset”.
This message, or another with the same meaning, I get from any browser
(Chrome, Firefox, Opera, wget, curl) or other clients that try to
connect using various environments, like Apache Cordova using nodejs for
example.
Hi
Are your ca-certificates up to date? Your second command works fine for
me.
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
malcolmlewis, thanks for your reply. After a few days of research I am back to update the issue with more details.
Are your ca-certificates up to date? Your second command works fine for me.
The CA certificates on my PC are updated. I don’t know about the SSL protocol, but I am not sure if these are needed for this communication. In the “second command”:
openssl s_client -connect git-wip-us.apache.org:443 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL_connect:error in SSLv2/v3 read server hello A
read:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
I think that the following lines show the problem:
SSL_connect:error in SSLv2/v3 read server hello A
read:errno=104
The two systems (my office PC (openSUSE 13.1) and the remote web server) failed to initiate SSL communication (handshaking).
I tried to connect from other systems (Redhat, Oracle Linux, OpenSuse, Windows) located inside or outside from my internal network and nothing could connect via ssl to this site, except one Windows 7 in the internal network next to my desktop. Notice that another Windows 7 more next but in the same network didn’t!
Additionally, I tried from a laptop (openSUSE 13.1 at my home) as well as from other Linux servers, and all connected successfully.
At the end, I added a wireless card to my office PC, made a connection via an external ADSL line connected to an independent internet provider, and routed all connections concerning this site via the wireless interface. And all now work fine!!!
In conclusion, all computers that I tried that are located in other networks work fine; all computers located inside my office network don’t work, except one!
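The s_client transcript posted above can be read mechanically to see how far the handshake got. The following Python is an added example, not part of the original thread; the function name `diagnose` and the stage labels are made up for illustration, and errno 104 is taken to be ECONNRESET, as it is on Linux.

```python
import re

LINUX_ECONNRESET = 104  # errno value on Linux, where the transcript was taken

# Lines taken from the s_client output posted in the thread.
THREAD_TRANSCRIPT = """\
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
read:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
"""

def diagnose(transcript):
    """Report how far an `openssl s_client -state` handshake got."""
    err = re.search(r"^read:errno=(\d+)", transcript, re.M)
    io = re.search(r"has read (\d+) bytes and written (\d+) bytes", transcript)
    errno_val = int(err.group(1)) if err else None
    bytes_read = int(io.group(1)) if io else None
    bytes_written = int(io.group(2)) if io else None
    hello_sent = "write client hello" in transcript

    if "CONNECTED(" not in transcript:
        stage = "tcp-connect-failed"
    elif hello_sent and bytes_read == 0 and errno_val == LINUX_ECONNRESET:
        # TCP was up, ClientHello left, RST came back before any TLS record.
        stage = "reset-before-server-hello"
    elif hello_sent and bytes_read == 0:
        stage = "no-reply-to-client-hello"
    elif "no peer certificate available" in transcript:
        stage = "failed-before-certificate"
    else:
        stage = "certificate-received"
    return {
        "stage": stage,
        "errno": errno_val,
        "bytes_read": bytes_read,
        "bytes_written": bytes_written,
        # No server bytes means no Certificate message was ever received.
        "server_cert_seen": bool(bytes_read) and "no peer certificate" not in transcript,
    }

if __name__ == "__main__":
    print(diagnose(THREAD_TRANSCRIPT))
```

For the thread's transcript the stage is `reset-before-server-hello`: 305 bytes of ClientHello went out and the connection was reset before a single byte of ServerHello came back.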
Hi
Install wireshark on the system that works and capture the connection, install wireshark on your openSUSE system and do the same. You can then look at both captures to compare.
If I’m reading your error correctly you have mutual authentication set up (which is available but very unusual to enable). This means not only do you need to have a website certificate set up but a client certificate as well, and both certificates need to be authenticated by an authority the other trusts.
So, is this really what you’re trying to set up? (If I were to hazard a guess, Malcolm might have run his test connecting to a website on localhost, which would mean both server and client certificates are easily authenticated.)
Testing with Windows IE can be a red herring. I seem to remember that MS automatically lowers security for common misconfigurations for highly unusual scenarios and SSL mutual authentication can be one of those.
I don’t know, I have the default settings such as the related packages have when these were installed on openSuse 13.1.
At one point I have doubts about mutual authentication is that apart from the other two sites is normally
I will be back when I have data about the network traffic from this communication.
I captured the traffic with wireshark (it’s really very good) from my office PC that failed to open ssl connection with incomplete handshaking in a specific url location: