Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Detecting the ssl version used in the server
Top Forums UNIX for Advanced & Expert Users Detecting the ssl version used in the server Post 303030905 by anaigini45 on Tuesday 19th of February 2019 03:52:24 AM
Old 02-19-2019
Detecting the ssl version used in the server
Recently we were faced with a critical problem whereby our company website (E-Commerce platform) was not accessible. It threw a 301/302 error. This platform is used for subscribers to purchase reloads, subscribe to new plans and so forth.

When we ran a curl command to troubleshoot further, this was the error we found :

Code:
[oracle@ecwebapp01 ~]$ curl https://connect.telenordigital.com/oath
curl: (35) SSL connect error

We compared the output with another staging platform, which did not have this connectivity problem. Thus we compared the configurations in the test server with the production server, and found that the openssl for both the production and staging were same :

Production :

Code:
[root@ecwebapp01 digi_aigini]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@ecwebapp01 digi_aigini]#

Staging :

Code:
[root@ecappstg01 digi_aigini]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@ecappstg01 digi_aigini]#


The management confirmed that the certificates in the production had not expired. And to prove this, we copied the certificates from the production to the staging, and the staging server was still able to access the site.

We finally checked the Load Balancer (All the E-Comm servers are connected to the LB), and we found that the communication between the production server and the website used ssl v2, whereas the staging used TLSv1.2.

And because of this, the head of department guessed that the team that was responsible with managing the website we were trying to access had blocked the ability to use the old ssl version. We called the team to confirm, and true enough this was the reason of the problem.

However, I am still unclear of why the ssl version for both the servers vary. According to my team lead, only the Load Balancer is configured to use the SSL.

Not the servers. So my question is how did the LB get the information of the different SSL versions for both the servers?
 

10 More Discussions You Might Find Interesting

1. Solaris

Sun ONE Web Server 6.1 - enable SSL?

I've upgraded Iplannet 4.1 to Sun ONE Web Server 6.1. However. Now i can't seem to connect on port 4443 which was originally being used in 4.1 to deal with transactions....when i try to run a query on this port (4443) i get the following error: Access to the server was denied I suspect i... (1 Reply)
Discussion started by: AJD
1 Replies

2. UNIX for Dummies Questions & Answers

to enable POP3(ssl) and SMTP(ssl) in Squid

i have configured Squid proxy server in Fedora 8 with two network interfaces. HTTP, HTTPS, FTP are working fine but we are unable to download mails using mail clients from mail server with POP3(ssl) and SMTP(ssl). so please someone help us how to enable pop and smtp in Squid. (1 Reply)
Discussion started by: praneel2k
1 Replies

3. Solaris

network driver not detecting in solaris 10 X86 on HPDL380G5 Server

I have installed solaris10 x86 on HP DL380 G5 Server, but network card is not getting detected. i have installed the network driver, downloaded from the following link HP ProLiant DL380 G5 Server series- Download drivers and software - HP Business Support Center Can any one suggest me how to... (1 Reply)
Discussion started by: raj.chinnu
1 Replies

4. Web Development

Apache, cgi script run twice when ssl, once when not ssl

I have interesting problem. https:/host/some/x.cgi - this script has run twice when I call this url But http:/host/some/x.cgi work fine, only once. Output is text/plain. If I change output format to the Content-type text/html, then both urls works fine - executed only once. (2 Replies)
Discussion started by: kshji
2 Replies

5. Web Development

Apache - ModSSL (SSL Version?)

Does anyone know where Apache's use of SSL_VERSION_LIBRARY is defined and pulled from, in regard to headers? So far, I've tracked it down to mod_ssl. Which is fine, however, when I recompile mod_ssl with a new version of OpenSSL, and install the module, the request headers still report the old... (0 Replies)
Discussion started by: sun2ecliptic
0 Replies

6. Shell Programming and Scripting

How to connect to FTP server which requires SSL authentication?

Hello, I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread. I am trying to connect to a FTP server 1) using a simple FTP command, it gives the error : 534 Policy requires SSL. Login failed. 2) using SFTP... (19 Replies)
Discussion started by: amitshete
19 Replies

7. UNIX for Dummies Questions & Answers

Installing SSL certificates on Ubuntu Server 12.04

Hi everyone, I am working on a Nginx + Apache installation for learning purposes, and just got to the point of installing a self-signed certificate for securing some pages that will be used to send "sensitive" information such as login credentials. So far so good. What a I want to know is how can... (2 Replies)
Discussion started by: gacanepa
2 Replies

8. Red Hat

Red Hat application server ssl keystore problem

A client is accessing our JBoss server. In the past, we set up a keystore and everything worked fine. That certificat expired and we've installed the new one. Now the client is getting the following error - HTTP/1.1 500 Internal Server Error Date: Mon, 14 Apr 2014 13:25:44 GMT Server:... (1 Reply)
Discussion started by: kkinney
1 Replies

9. Linux

Apache wildcard ssl on subdomain serves same page for non ssl virtualhosts

Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website! please advise if I missed any concept / configs... Thank you! httpd.conf <VirtualHost *:80> ServerName www.my-site.com ServerAdmin... (0 Replies)
Discussion started by: ashokvpp
0 Replies

10. Programming

NodeMCU ESP8266 Blynk SSL Application for Linux Server Load Averages

Here is a useful SSL (HTTPS) application for anyone with a remote Linux server they want to keep an eye on using Blynk and the NodeMCU ESP8266. This little app also works (have tested as well) on the WeMos D1 ESP8266 Arduino board. The NodeMCU setup could not be easier, just find a... (8 Replies)
Discussion started by: Neo
8 Replies

LEARN ABOUT MINIX

ssl_set_fd

SSL_set_fd(3SSL)                                                      OpenSSL                                                     SSL_set_fd(3SSL)

NAME

       SSL_set_fd - connect the SSL object with a file descriptor

SYNOPSIS

        #include <openssl/ssl.h>

        int SSL_set_fd(SSL *ssl, int fd);
        int SSL_set_rfd(SSL *ssl, int fd);
        int SSL_set_wfd(SSL *ssl, int fd);

DESCRIPTION

       SSL_set_fd() sets the file descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl. fd will typically be the
       socket file descriptor of a network connection.

       When performing the operation, a socket BIO is automatically created to interface between the ssl and fd. The BIO and hence the SSL engine
       inherit the behaviour of fd. If fd is non-blocking, the ssl will also have non-blocking behaviour.

       If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

       SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only for the read channel or the write channel, which can be set
       independently.

RETURN VALUES

       The following return values can occur:

       0   The operation failed. Check the error stack to find out why.

       1   The operation succeeded.

SEE ALSO

       SSL_get_fd(3), SSL_set_bio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(3) , bio(3)

1.0.1e                                                              2013-02-11                                                    SSL_set_fd(3SSL)
All times are GMT -4. The time now is 12:45 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy