[SOLVED] Problems with SSLv2 and SSLv3
I have found a few websites that I can't connect to due to 'ERR_SSL_VERSION_OR_CIPHER_MISMATCH'. One such site is 'downloads.tuxfamily.org'. I tried running `openssl s_client -connect downloads.tuxfamily.org:443` and got the following:
CONNECTED(00000003)
139689492604224:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 325 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
If I try to curl the website with -sslv2 or -sslv3, I get:
curl: (4) OpenSSL was built without SSLv3 support
This leads me to believe that the lack of ssl3 is causing the problem. The problem though, is that I do not see an openssl package with sslv3 support in the repositories.
Last edited by DAMO238 (2020-06-19 11:12:41)
Re: [SOLVED] Problems with SSLv2 and SSLv3
$ openssl s_client -connect downloads.tuxfamily.org:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = absinthe.tuxfamily.org
verify return:1
Certificate chain
0 s:CN = absinthe.tuxfamily.org
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Server certificate
subject=CN = absinthe.tuxfamily.org
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
SSL handshake has read 3379 bytes and written 483 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: DE1511D2AB66215FC4B4461F28E2435092A7F894A51C02481AA284C522D9D3CA
Session-ID-ctx:
Master-Key: 022A6E1EE50C7CA9EB6E63F304938352B94D75DAD7D33B0C171F2CEE7C92163E381E462B3261E6C920FE8633C22F3F05
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
Start Time: 1592485685
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Is your connection passed through a transparent proxy?
Re: [SOLVED] Problems with SSLv2 and SSLv3
Do not seek to enable SSLv2/3,
https://en.wikipedia.org/wiki/Transport … 0,_and_3.0
Re: [SOLVED] Problems with SSLv2 and SSLv3
SSLv3 was declared insecure and deprecated in 2015 ... ,
https://tools.ietf.org/html/rfc7568
The site does support TLS 1.2 and has a valid certificate from Let's Encrypt.
Firefox has no problem downloading https://downloads.tuxfamily.org/achille/achille-1.0.tgz, for example.
Below is the output of that openssl command on my system; as you can see, there's no need for the old deprecated SSL version 3.
The problem is at your end.
Please post
pacman -Qs ssl
and the exact commands you are running including any parameters.
$ openssl s_client -connect downloads.tuxfamily.org:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = absinthe.tuxfamily.org
verify return:1
Certificate chain
0 s:CN = absinthe.tuxfamily.org
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Server certificate
subject=CN = absinthe.tuxfamily.org
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
SSL handshake has read 3379 bytes and written 483 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: D3F644AD2FFB016EAB1065661190FC80038F774A209B542006CA67DC5D31BFD7
Session-ID-ctx:
Master-Key: A09260EC56D31DC755397F262F68F491E1849B0A051D571136D24A6E44A5E18CAC3124F2B3C96CBDAAE65C77EFCD1109
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
Start Time: 1592486861
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Re: [SOLVED] Problems with SSLv2 and SSLv3
DAMO238 wrote:
If I try to curl the website with -sslv2 or -sslv3, I get:
curl: (4) OpenSSL was built without SSLv3 support
This leads me to believe that the lack of ssl3 is causing the problem.
That's not it, because downloads.tuxfamily.org (rightly) doesn't support ssl3 either:
https://www.ssllabs.com/ssltest/analyze … family.org
Last edited by sabroad (2020-06-18 14:37:05)
Re: [SOLVED] Problems with SSLv2 and SSLv3
Ok, thank you everyone for helping! I am simply running 'openssl s_client -connect downloads.tuxfamily.org:443' just like you are. Here is the output of the pacman query:
local/flac 1.3.3-2
Free Lossless Audio Codec
local/haskell-tls 1.5.4-12
TLS/SSL protocol native implementation (Server and Client)
local/lib32-flac 1.3.3-1
Free Lossless Audio Codec (32-bit)
local/lib32-openssl 1:1.1.1.g-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (32-bit)
local/lib32-openssl-1.0 1.0.2.u-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
local/lzo 2.10-3
Portable lossless data compression library
local/mbedtls 2.16.5-1
Portable cryptographic and SSL/TLS library, aka polarssl
local/openssl 1.1.1.g-2
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
local/openssl-1.0 1.0.2.u-1
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
local/perl-crypt-openssl-random 0.15-5
Routines for accessing the OpenSSL pseudo-random number generator
local/perl-crypt-openssl-rsa 0.31-4
RSA encoding and decoding, using the openSSL libraries
local/perl-crypt-ssleay 0.73_04-12
OpenSSL glue that provides LWP https support
local/perl-io-socket-ssl 2.066-2
Nearly transparent SSL encapsulation for IO::Socket::INET
local/perl-net-ssleay 1.88-1
Perl extension for using OpenSSL
local/wavpack 5.3.0-1
Audio compression format with lossless, lossy and hybrid compression modes
local/xmlsec 1.2.30-2
XML Security Library is a C library based on LibXML2
EDIT: Strange development. If I run the exact same command a few times, it randomly works (about 10% of the time) and gives the following result:
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = tails.boum.org
verify return:1
Certificate chain
0 s:CN = tails.boum.org
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
Server certificate
subject=CN = tails.boum.org
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
SSL handshake has read 3718 bytes and written 409 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 4291EEBB15E5E8B3F61EC08083B05230BD28D22EFF9D38B97DAE2ADDE22308FC
Session-ID-ctx:
Master-Key: 275F9C76507F5DB084ACE5CDE233F40CE0FB582DD9B4E684521D8781B824FCBA3D9C52D815B8DF46130A44437054B4A5
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
Start Time: 1592491721
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
closed
EDIT2: Further development shows that in Firefox, tails' website loads fine, yet the tuxfamily page does not. This suggests to me that there are at least two problems involved here. The repeated running of openssl on tuxfamily does not ever succeed.
Last edited by DAMO238 (2020-06-18 14:58:33)
Re: [SOLVED] Problems with SSLv2 and SSLv3
What's the output of curl?
curl -vsSL https://downloads.tuxfamily.org >/dev/null
Last edited by sabroad (2020-06-18 16:13:38)
Re: [SOLVED] Problems with SSLv2 and SSLv3
sabroad wrote:
What's the output of curl?
curl -vsSL https://downloads.tuxfamily.org >/dev/null
* Trying 81.130.111.239:443...
* Connected to downloads.tuxfamily.org (81.130.111.239) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Re: [SOLVED] Problems with SSLv2 and SSLv3
Does http://amibehindaproxy.com/ show a different local IP address to the one you expect?
Edit: See Proxy_server#Transparent_proxy
Last edited by loqs (2020-06-18 18:32:11)
Re: [SOLVED] Problems with SSLv2 and SSLv3
Also check whether your system time is vastly off.
Re: [SOLVED] Problems with SSLv2 and SSLv3
I get the public IP of my router from http://amibehindaproxy.com/. This is different from my private IP address (192.168.1.102). I then tried connecting through my VPN, and it worked. Of course this is not a long term solution, but it works for now.
Re: [SOLVED] Problems with SSLv2 and SSLv3
DAMO238 wrote:
* Trying 81.130.111.239:443...
* Connected to downloads.tuxfamily.org (81.130.111.239) port 443 (#0)
Turn off BT Parental controls- it's hijacking your DNS.
https://community.bt.com/t5/Home-setup- … -p/1939080
Last edited by sabroad (2020-06-19 10:17:28)
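
The diagnosis this thread ends on (the name resolving to an address that is not the real server, followed by a handshake alert) can be checked mechanically. The following is an added example, not code from any poster: it parses `curl -v` output and compares the peer address with answers obtained from a resolver outside the ISP's path. `REFERENCE` and its 203.0.113.10 value are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the curl -v lines quoted in the thread above.
CURL_LOG = """\
*   Trying 81.130.111.239:443...
* Connected to downloads.tuxfamily.org (81.130.111.239) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
"""

# Assumption: answers for the same name from a resolver reached over a path the
# ISP cannot rewrite (e.g. queried through the VPN). Placeholder TEST-NET value.
REFERENCE = {"downloads.tuxfamily.org": {"203.0.113.10"}}

PEER_RE = re.compile(r"^\*\s+Connected to (\S+) \(([^)]+)\) port (\d+)", re.M)
FAIL_RE = re.compile(r"alert handshake failure|curl: \(35\)")


def connected_peers(log):
    """Return [(hostname, ip_address)] for every 'Connected to' line."""
    peers = []
    for host, addr, _port in PEER_RE.findall(log):
        try:
            peers.append((host.lower(), ipaddress.ip_address(addr)))
        except ValueError:
            continue  # not an IP literal (e.g. a proxy name); skip it
    return peers


def assess(log, reference):
    """Classify each peer: did curl reach an address the reference resolver knows?"""
    failed = bool(FAIL_RE.search(log))
    findings = []
    for host, addr in connected_peers(log):
        expected = {ipaddress.ip_address(a) for a in reference.get(host, ())}
        if not expected:
            verdict = "no-reference"
        elif addr in expected:
            verdict = "tls-problem-at-expected-address" if failed else "ok"
        else:
            # A differing answer alone can be CDN/geo-DNS; combined with a failed
            # handshake it points at the local resolver handing out another host.
            verdict = "suspect-dns-rewrite" if failed else "address-differs"
        findings.append((host, str(addr), verdict))
    return findings
```

Feed it the captured stderr of `curl -v` and a reference set gathered over the VPN or another independent resolver; a `suspect-dns-rewrite` verdict is a prompt to inspect the resolver path, not proof on its own.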