Notes
This is related to the site changing its SSL configuration.
$ curl -v https://streetmap.co.uk/loc/524473,170726
* Trying 194.75.192.70...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d1f10eff50)
* Connected to streetmap.co.uk (194.75.192.70) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to streetmap.co.uk:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to streetmap.co.uk:443
So curl itself cannot connect either. This may be related to https://github.com/curl/curl/issues/1520 but I doubt it, as that is from 2017.
$ openssl s_client -connect streetmap.co.uk:443
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Most interesting! Those curl and openssl commands on Ubuntu fail, but Firefox on the same computer and OS works (to the secure version of the URL).
Do we have any way to diagnose why the commands fail? Do we believe that streetmap has an incorrect SSL configuration?

3.10 development edition reports the error as "Unable to fetch document" which is less bad than "unknown"
jmb noticed what the actual issue is:
pretty trivial -- server only supports tls1.0 and 3des. we haven't offered 3des for years, cos it's broken

We should see if there's a way to add an openssl callback which would tell us what went wrong.

Since the cause of the problem is that the streetmap site only uses old, insecure, deprecated ciphers that no browser from now on should support, shouldn't this bug be closed?
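Added example (not NetSurf, curl or OpenSSL code): in the s_client run above the handshake read 0 bytes, so the server closed the connection without sending a TLS alert, which is why no error detail was reported. The C function below classifies the first bytes received after a ClientHello so a client can tell a silent close from an alert; the names hs_result, hs_info, classify_reply, alert_name and the SAMPLE_ALERT bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What the first bytes received after our ClientHello turned out to be. */
enum hs_result {
    HS_NO_REPLY,     /* peer closed with 0 bytes read, as in the s_client run */
    HS_TRUNCATED,    /* less than one complete TLS record */
    HS_ALERT,        /* alert record; level and description are filled in */
    HS_SERVER_HELLO, /* handshake record whose first message is ServerHello */
    HS_OTHER         /* a complete record of some other kind */
};
struct hs_info { uint8_t alert_level, alert_desc; };

/* Constructed sample: fatal (2) handshake_failure (40) alert, record version 3.1. */
const uint8_t SAMPLE_ALERT[7] = { 21, 3, 1, 0, 2, 2, 40 };

/* Alert descriptions typical of a version or cipher-suite mismatch. */
const char *alert_name(uint8_t d)
{
    switch (d) {
    case 40: return "handshake_failure";
    case 70: return "protocol_version";
    case 71: return "insufficient_security";
    default: return "other";
    }
}

enum hs_result classify_reply(const uint8_t *buf, size_t len, struct hs_info *out)
{
    if (len == 0) return HS_NO_REPLY;
    if (len < 5) return HS_TRUNCATED;            /* 5-byte record header */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (len < 5 + body) return HS_TRUNCATED;
    if (buf[0] == 21 && body == 2) {             /* content type 21: alert */
        out->alert_level = buf[5];
        out->alert_desc = buf[6];
        return HS_ALERT;
    }
    if (buf[0] == 22 && body >= 1 && buf[5] == 2) /* handshake, ServerHello */
        return HS_SERVER_HELLO;
    return HS_OTHER;
}

int main(void)
{
    struct hs_info i = { 0, 0 };
    enum hs_result r = classify_reply(SAMPLE_ALERT, sizeof SAMPLE_ALERT, &i);
    printf("result %d, alert %s\n", r, alert_name(i.alert_desc));
    return 0;
}
```

HS_NO_REPLY is the case shown in the notes above: there is no alert to decode, so the only report a client can give is that the server dropped the connection during the handshake.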