Detecting the ssl version used in the server


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Detecting the ssl version used in the server
# 1  
Detecting the ssl version used in the server

Recently we were faced with a critical problem whereby our company website (E-Commerce platform) was not accessible. It threw a 301/302 error. This platform is used for subscribers to purchase reloads, subscribe to new plans and so forth.

When we ran a curl command to troubleshoot further, this was the error we found :

Code:
[oracle@ecwebapp01 ~]$ curl https://connect.telenordigital.com/oath
curl: (35) SSL connect error

We compared the output with another staging platform, which did not have this connectivity problem. Thus we compared the configurations in the test server with the production server, and found that the openssl for both the production and staging were same :

Production :

Code:
[root@ecwebapp01 digi_aigini]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@ecwebapp01 digi_aigini]#

Staging :

Code:
[root@ecappstg01 digi_aigini]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
[root@ecappstg01 digi_aigini]#


The management confirmed that the certificates in the production had not expired. And to prove this, we copied the certificates from the production to the staging, and the staging server was still able to access the site.

We finally checked the Load Balancer (All the E-Comm servers are connected to the LB), and we found that the communication between the production server and the website used ssl v2, whereas the staging used TLSv1.2.

And because of this, the head of department guessed that the team that was responsible with managing the website we were trying to access had blocked the ability to use the old ssl version. We called the team to confirm, and true enough this was the reason of the problem.

However, I am still unclear of why the ssl version for both the servers vary. According to my team lead, only the Load Balancer is configured to use the SSL.

Not the servers. So my question is how did the LB get the information of the different SSL versions for both the servers?
# 2  
How are you managing your certificates? How long are they valid before they expire and need to be renewed?
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #543
Difficulty: Easy
A global variable can be accessed and referenced on every line of code.
True or False?

10 More Discussions You Might Find Interesting

1. Linux

Apache wildcard ssl on subdomain serves same page for non ssl virtualhosts

Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website! please advise if I missed any concept / configs... Thank you! httpd.conf <VirtualHost *:80> ServerName www.my-site.com ServerAdmin... (0 Replies)
Discussion started by: ashokvpp
0 Replies

2. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

3. Red Hat

Red Hat application server ssl keystore problem

A client is accessing our JBoss server. In the past, we set up a keystore and everything worked fine. That certificat expired and we've installed the new one. Now the client is getting the following error - HTTP/1.1 500 Internal Server Error Date: Mon, 14 Apr 2014 13:25:44 GMT Server:... (1 Reply)
Discussion started by: kkinney
1 Replies

4. UNIX for Dummies Questions & Answers

Installing SSL certificates on Ubuntu Server 12.04

Hi everyone, I am working on a Nginx + Apache installation for learning purposes, and just got to the point of installing a self-signed certificate for securing some pages that will be used to send "sensitive" information such as login credentials. So far so good. What a I want to know is how can... (2 Replies)
Discussion started by: gacanepa
2 Replies

5. Shell Programming and Scripting

How to connect to FTP server which requires SSL authentication?

Hello, I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread. I am trying to connect to a FTP server 1) using a simple FTP command, it gives the error : 534 Policy requires SSL. Login failed. 2) using SFTP... (19 Replies)
Discussion started by: amitshete
19 Replies

6. Web Development

Apache - ModSSL (SSL Version?)

Does anyone know where Apache's use of SSL_VERSION_LIBRARY is defined and pulled from, in regard to headers? So far, I've tracked it down to mod_ssl. Which is fine, however, when I recompile mod_ssl with a new version of OpenSSL, and install the module, the request headers still report the old... (0 Replies)
Discussion started by: sun2ecliptic
0 Replies

7. Web Development

Apache, cgi script run twice when ssl, once when not ssl

I have interesting problem. https:/host/some/x.cgi - this script has run twice when I call this url But http:/host/some/x.cgi work fine, only once. Output is text/plain. If I change output format to the Content-type text/html, then both urls works fine - executed only once. (2 Replies)
Discussion started by: kshji
2 Replies

8. Solaris

network driver not detecting in solaris 10 X86 on HPDL380G5 Server

I have installed solaris10 x86 on HP DL380 G5 Server, but network card is not getting detected. i have installed the network driver, downloaded from the following link HP ProLiant DL380 G5 Server series- Download drivers and software - HP Business Support Center Can any one suggest me how to... (1 Reply)
Discussion started by: raj.chinnu
1 Replies

9. UNIX for Dummies Questions & Answers

to enable POP3(ssl) and SMTP(ssl) in Squid

i have configured Squid proxy server in Fedora 8 with two network interfaces. HTTP, HTTPS, FTP are working fine but we are unable to download mails using mail clients from mail server with POP3(ssl) and SMTP(ssl). so please someone help us how to enable pop and smtp in Squid. (1 Reply)
Discussion started by: praneel2k
1 Replies

10. Solaris

Sun ONE Web Server 6.1 - enable SSL?

I've upgraded Iplannet 4.1 to Sun ONE Web Server 6.1. However. Now i can't seem to connect on port 4443 which was originally being used in 4.1 to deal with transactions....when i try to run a query on this port (4443) i get the following error: Access to the server was denied I suspect i... (1 Reply)
Discussion started by: AJD
1 Replies

Featured Tech Videos