2 Replies Latest reply on Feb 11, 2015 7:03 AM by otruniger

    Cannot connect to a specific https webserver



      I cannot make our MWG (18936) connect to https://www.journal21.ch and I don't fully understand the problem.


      When I try to debug the problem with openssl I find that the server accepts only these ciphers available on MWG: AES256-GCM-SHA384, AES256-SHA256, AES256-SHA, AES128-GCM-SHA256, AES128-SHA256, AES128-SHA, DES-CBC3-SHA


      So this command works: openssl s_client -connect www.journal21.ch:443 -cipher AES256-GCM-SHA384

      But whatever I try, it never works with the local curl command. I always get:

      $ curl https://www.journal21.ch/

      curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure


      If I use curl on Solaris or Ubuntu it works using ECDHE-ECDSA-AES128-GCM-SHA256, which is not available on MWG. But it also fails like this:

      curl -k --ciphers AES256-GCM-SHA384 https://www.journal21.ch (but it works with "curl -k --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 https://www.journal21.ch")


      So my conclusion so far: openssl does not do the same as curl. While openssl can do a successful handshake with www.journal21.ch for some ciphers, curl never succeeds for any of the available ciphers, but also fails on different OSes with the same ciphers (while succeeding with different ciphers not available on MWG).


      When curl always fails on MWG, I guess I should not wonder why my proxy always fails. BTW: I have a decent setup for SSL according to the guide for Poodle.


      Is there any chance to get this working on MWG? And if not, what's the problem with the webserver? Yes, I can set up an SSL tunnel for the site, but I would like to understand the technical background.


      Thanks for any insights