A NOTE has been added to this issue. ====================================================================== https://www.opencsw.org/mantis/view.php?id=5068 ====================================================================== Reported By: beezly Assigned To: dam ====================================================================== Project: wget Issue ID: 5068 Category: regular use Reproducibility: always Severity: minor Priority: normal Status: assigned ====================================================================== Date Submitted: 2013-04-19 11:58 CEST Last Modified: 2013-06-07 22:39 CEST ====================================================================== Summary: Problems negotiating SSL with updates.oracle.com Description: with wget 1.14 I am experiencing problems connecting to updates.oracle.com (as PCA does when it pulls down the patchdiag.xref file).
If I do; /opt/csw/bin/wget -d --progress=dot:binary --ca-certificate=/opt/csw/bin/pca -O /var/tmp/patchdiag.xref "https://getupdates.oracle.com/reports/patchdiag.xref"; I get; Setting --progress (progress) to dot:binary Setting --ca-certificate (cacertificate) to /opt/csw/bin/pca Setting --output-document (outputdocument) to /var/tmp/patchdiag.xref DEBUG output created by Wget 1.14 on solaris2.10. URI encoding = 'ISO8859-1' --2013-04-19 10:54:03-- https://getupdates.oracle.com/reports/patchdiag.xref Resolving getupdates.oracle.com (getupdates.oracle.com)... 141.146.44.51 Caching getupdates.oracle.com => 141.146.44.51 Connecting to getupdates.oracle.com (getupdates.oracle.com)|141.146.44.51|:443... connected. Created socket 5. Releasing 0x000e8a18 (new refcount 1). Initiating SSL handshake. SSL handshake failed. Closed fd 5 Unable to establish SSL connection. The same works if I use /usr/sfw/bin/wget instead (1.12 on this system). ====================================================================== Relationships ID Summary ---------------------------------------------------------------------- has duplicate 0005076 Unable to establish SSL connection ====================================================================== ---------------------------------------------------------------------- (0010422) yann (developer) - 2013-06-07 22:39 https://www.opencsw.org/mantis/view.php?id=5068#c10422 ---------------------------------------------------------------------- Finally a real answer from Oracle after a long time, I put it below. Opencsw is mentioned in the documentation about wget. I will give them the exact workaround if they want to add it. -------------------------------------------------------------------- Hi Yann, Website admin team will plan to upgrade the webserver s/w during their next meeting so it can support TLS1.2. At this time, TLS1.2 is not supported. https://getupdates.oracle.com web server does not fully support TLS 1.2 Only OpenSSL versions from branch 1.0.0 will work - Oracle Solaris does not deliver higher versions at this time. Customers who are trying to access the URL using latest wget/OpenSSL (ie. from www.opencsw.org) version with TLS 1.2 support may get connection failures. The same is documented, please refer below oracle doc.. Patch download automation for Sun products using wget [ID 1199543.1] I will close this case on 10th-june unless you need further clarification on this Thanks Murugan _______________________________________________ bug-notifications mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/bug-notifications
