SSL Handchake / CURL

If none of the more specific forums is the right place to ask

SSL Handchake / CURL

Postby ZIP1 » 2019-10-20 09:08

I am trying to load a web page with php and CURL. The Website is secured by SSL:
https://secure.runescape.com/m=hiscore/ ... yer=zezima

In Firefox its opend without problems.
Certificate and SSL seems to be OK: https://www.ssllabs.com/ssltest/analyze ... com&latest (Overall Rating A+)

Now I am using Debian(Raspian) on two different servers. One with SSL
Code: Select all
Server1: openssl version -v

OpenSSL 1.1.1c 28 May 2019


Code: Select all
Server2: openssl version -v

OpenSSL 1.1.0k 28 May 2019


On Server 2, everything seems to be working: curl https://secure.runescape.com/m=hiscore/ ... yer=zezima (OK)
On Server 1 it sais
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type


So I tried to google and found this bug report:
https://bugs.debian.org/cgi-bin/bugrepo ... bug=912759

They say something about "server wrong configured", but as ssllabs.com said everything is ok, I am a bit confused.

I tried different things:
Code: Select all
curl https://secure.runescape.com/m=hiscore/index_lite.ws?player=zezima -prexit

Warning: Invalid character is found in given range. A specified range MUST
Warning: have only digits in 'start'-'stop'. The server's response to this
Warning: request is uncertain.
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type


Code: Select all
openssl s_client -connect secure.runescape.com/m=hiscore/index_lite.ws?player=zipper5004:443  -cipher DEFAULT@SECLEVEL=1

140476209837184:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/b_addr.c:710:Name or service not known
connect:errno=22


What am I doing wrong? Thanks!
ZIP1
 
Posts: 2
Joined: 2019-10-20 08:53

Re: SSL Handchake / CURL

Postby reinob » 2019-10-21 05:25

ZIP1 wrote:So I tried to google and found this bug report:
https://bugs.debian.org/cgi-bin/bugrepo ... bug=912759

They say something about "server wrong configured", but as ssllabs.com said everything is ok, I am a bit confused.


Their certificate is signed with SHA-1, which is not supported (by default) anymore in debian buster. You obviously didn't read the release notes when installing (or upgrading to) buster.
Here: https://www.debian.org/releases/stable/ ... l-defaults

Browsers are usually much more lax in what they interoperate with.
If you want, you can change the security default in /etc/ssl/openssl.cnf.

I tried different things:
Code: Select all
openssl s_client -connect secure.runescape.com/m=hiscore/index_lite.ws?player=zipper5004:443  -cipher DEFAULT@SECLEVEL=1

140476209837184:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/b_addr.c:710:Name or service not known
connect:errno=22


What am I doing wrong? Thanks!


with openssl s_client you connect to a server/port, but you can't request a URL (s_client is not a web client), so you should:

Code: Select all
$ openssl s_client -connect secure.runescape.com:443  -cipher DEFAULT@SECLEVEL=1


this works, and lets you then type your HTTP query (like "GET /m=hiscore/index_lite.ws?player=zipper5004 HTTP/1.0")
reinob
 
Posts: 742
Joined: 2014-06-30 11:42

Re: SSL Handchake / CURL

Postby ZIP1 » 2019-10-23 15:22

Thank you very much!
= Closed :)
ZIP1
 
Posts: 2
Joined: 2019-10-20 08:53


Return to General Questions

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable