Reputation: 95
I am hitting a handshake problem with one of our servers. I can't seem to figure out how to resolve this. A few days back, I was facing a similar issue while connecting to one of our other servers and you can follow that in this question. That issue was resolved but I am facing one more similar issue like that.
This is from the error logs.
DEBUG: .../IO/Socket/SSL.pm:415: connection failed - connect returned 0
DEBUG: .../IO/Socket/SSL.pm:1175: SSL connect attempt failed because of handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
I ran an openssl command too and here is the output.
-> openssl s_client -connect ABC:443 -CApath XXX
CONNECTED(00000003)
...
31507:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1101:SSL alert number 40
31507:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
I am seeing an alert number 40 there. Does it signify something? Is the server expecting some sort of client certificates for the handshake?
Upvotes: 1
Views: 2578
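The error codes in the log lines above can be decoded mechanically. This Python sketch is an added example, not part of the original posts. It assumes the 8/12/12-bit error-code packing used by OpenSSL 1.0.x and 1.1.x, and the name decode_openssl_error is made up here. It separates alerts received from the peer (reason code = 1000 + alert number) from errors raised locally.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}
SSL_AD_REASON_OFFSET = 1000   # OpenSSL adds this to a received alert number
ERR_LIB_SSL = 20              # library number 0x14 in the packed code

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")

def decode_openssl_error(line):
    """Decode one OpenSSL error-queue line; return None if none is present."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Assumed layout: 8 bits library, 12 bits function, 12 bits reason.
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(3), "text": m.group(4),
            "peer_alert": None, "alert_name": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = alert
        info["alert_name"] = TLS_ALERTS.get(alert, "unknown")
    return info

# Error lines copied from the question above.
SAMPLE = [
    "DEBUG: .../IO/Socket/SSL.pm:1175: SSL connect attempt failed because of "
    "handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert handshake failure",
    "31507:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:"
    "s23_lib.c:188:",
]

if __name__ == "__main__":
    for line in SAMPLE:
        d = decode_openssl_error(line)
        origin = ("alert %d (%s) sent by peer" % (d["peer_alert"], d["alert_name"])
                  if d["peer_alert"] is not None else "raised locally")
        print("%s reason=%d: %s" % (d["func_name"], d["reason"], origin))
```

The first line decodes to a handshake_failure alert received from the server, so the Perl debug line carries the same alert number 40 that s_client prints explicitly; the second is the client's own follow-on error.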
Reputation: 95
Coming to why it was specifically failing in my script, I found the reason for it.
Before answering that, I will list my environment for context:
- Perl : 5.10.1 (custom perl managed by perlbrew). So I am not using the modules which come by default with the system perl.
- Modules managed by cpanm
- Running on Ubuntu 14.04
I resolved it by installing the Crypt::SSLeay module. Apparently the LWP module doesn't support https without this module.
I figured this out by enabling debugging in the IO::Socket::SSL module.
use IO::Socket::SSL qw(debug4);
It might help someone in the future :)
EDIT: My scripts are still failing for some SSL connections. Looks like the openssl version is the culprit according to the thread here.
Upvotes: 2
Reputation: 21676
You have to specify the user certificate and the private key with the -cert and -key parameters.
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host $host -prexit -cert your.client.certificate.cert -key your.private.key.key
Upvotes: 1