Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

SSL Handchake / CURL

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
ZIP1
Posts: 2
Joined: 2019-10-20 08:53

SSL Handchake / CURL

#1 Post by ZIP1 »

I am trying to load a web page with php and CURL. The Website is secured by SSL:
https://secure.runescape.com/m=hiscore/ ... yer=zezima

In Firefox its opend without problems.
Certificate and SSL seems to be OK: https://www.ssllabs.com/ssltest/analyze ... com&latest (Overall Rating A+)

Now I am using Debian(Raspian) on two different servers. One with SSL

Code: Select all

Server1: openssl version -v
OpenSSL 1.1.1c 28 May 2019

Code: Select all

Server2: openssl version -v
OpenSSL 1.1.0k 28 May 2019
On Server 2, everything seems to be working: curl https://secure.runescape.com/m=hiscore/ ... yer=zezima (OK)
On Server 1 it sais
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
So I tried to google and found this bug report:
https://bugs.debian.org/cgi-bin/bugrepo ... bug=912759

They say something about "server wrong configured", but as ssllabs.com said everything is ok, I am a bit confused.

I tried different things:

Code: Select all

curl https://secure.runescape.com/m=hiscore/index_lite.ws?player=zezima -prexit
Warning: Invalid character is found in given range. A specified range MUST
Warning: have only digits in 'start'-'stop'. The server's response to this
Warning: request is uncertain.
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

Code: Select all

openssl s_client -connect secure.runescape.com/m=hiscore/index_lite.ws?player=zipper5004:443  -cipher DEFAULT@SECLEVEL=1
140476209837184:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/b_addr.c:710:Name or service not known
connect:errno=22
What am I doing wrong? Thanks!
Top
reinob
Posts: 1195
Joined: 2014-06-30 11:42
Has thanked: 99 times
Been thanked: 47 times

Re: SSL Handchake / CURL

#2 Post by reinob »

ZIP1 wrote:So I tried to google and found this bug report:
https://bugs.debian.org/cgi-bin/bugrepo ... bug=912759

They say something about "server wrong configured", but as ssllabs.com said everything is ok, I am a bit confused.
Their certificate is signed with SHA-1, which is not supported (by default) anymore in debian buster. You obviously didn't read the release notes when installing (or upgrading to) buster.
Here: https://www.debian.org/releases/stable/ ... l-defaults

Browsers are usually much more lax in what they interoperate with.
If you want, you can change the security default in /etc/ssl/openssl.cnf.
I tried different things:

Code: Select all

openssl s_client -connect secure.runescape.com/m=hiscore/index_lite.ws?player=zipper5004:443  -cipher DEFAULT@SECLEVEL=1
140476209837184:error:2008F002:BIO routines:BIO_lookup_ex:system lib:../crypto/bio/b_addr.c:710:Name or service not known
connect:errno=22
What am I doing wrong? Thanks!
with openssl s_client you connect to a server/port, but you can't request a URL (s_client is not a web client), so you should:

Code: Select all

$ openssl s_client -connect secure.runescape.com:443  -cipher DEFAULT@SECLEVEL=1
this works, and lets you then type your HTTP query (like "GET /m=hiscore/index_lite.ws?player=zipper5004 HTTP/1.0")
Top
ZIP1
Posts: 2
Joined: 2019-10-20 08:53

Re: SSL Handchake / CURL

#3 Post by ZIP1 »

Thank you very much!
= Closed :)
Top
Post Reply

Return to “General Questions”