HTTPS: unsupported protocol [OpenSSL::SSL::SSLError] #3141

marmack95 · 2024-04-26T14:53:45Z

Hello,
i have an old device which use HTTPS.
With Firefox, i'm able to re-enable TLS deprecated to gain access to it.
But with Oxidized: how to do ?
The device redirect HTTP to HTTPS.

2024-04-26 14:25:46 UTC
SSL_connect returned=1 errno=0 peeraddr=10.1.11.54:443 state=error: unsupported protocol [OpenSSL::SSL::SSLError]
--------------------------------------------------
/usr/lib/ruby/3.0.0/net/protocol.rb:46:in `connect_nonblock'
/usr/lib/ruby/3.0.0/net/protocol.rb:46:in `ssl_socket_connect'
/usr/lib/ruby/3.0.0/net/http.rb:1038:in `connect'
/usr/lib/ruby/3.0.0/net/http.rb:970:in `do_start'
/usr/lib/ruby/3.0.0/net/http.rb:959:in `start'
/usr/lib/ruby/3.0.0/net/http.rb:621:in `start'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/input/http.rb:76:in `make_request'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/input/http.rb:57:in `get_http'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/input/http.rb:44:in `cmd_str'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/input/http.rb:35:in `cmd'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/model/model.rb:122:in `cmd'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/model/model.rb:172:in `block in get'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/model/model.rb:171:in `each'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/model/model.rb:171:in `get'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/input/cli.rb:14:in `get'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/node.rb:70:in `run_input'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/node.rb:47:in `block in run'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/node.rb:41:in `each'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/node.rb:41:in `run'
/var/lib/gems/3.0.0/gems/oxidized-0.30.1/lib/oxidized/job.rb:10:in `block in initialize'

The text was updated successfully, but these errors were encountered:

marmack95 · 2024-05-03T16:35:36Z

I've made some tests.

My device seems use :

OpenSSL 0.9.8
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA

Firefox indicate protocol TLSv1 & cipher TLS_RSA_WITH_AES_128_CBC_SHA

When i do "openssl s_client -connect 10.1.11.54:443 -cipher DHE-RSA-AES256-SHA" from:

centos 5 - openssl 0.9.8, it's works
macosx 10.13 - libresssl 2.2.7, it's works
ubuntu 22 - openssl 3.0.2, it's fails (my oxidized server)

So, it's not a oxidized problem, it's an openssl problem.

marmack95 · 2024-05-03T16:45:22Z

I found a possible solution here: eclipse/mosquitto#2779
I tested value 1 and 0, and it's works.
So the problem it's my device use a 1024 bit key... (value 2 need a key of 2048 bit )

Do you think it's possible to change configuration of openssl only for oxidized ?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HTTPS: unsupported protocol [OpenSSL::SSL::SSLError] #3141

HTTPS: unsupported protocol [OpenSSL::SSL::SSLError] #3141

marmack95 commented Apr 26, 2024

marmack95 commented May 3, 2024 •

edited

marmack95 commented May 3, 2024 •

edited

HTTPS: unsupported protocol [OpenSSL::SSL::SSLError] #3141

HTTPS: unsupported protocol [OpenSSL::SSL::SSLError] #3141

Comments

marmack95 commented Apr 26, 2024

marmack95 commented May 3, 2024 • edited

marmack95 commented May 3, 2024 • edited

marmack95 commented May 3, 2024 •

edited

marmack95 commented May 3, 2024 •

edited