Hi, thought I'd include the traces from this latest OpenSSL 1.0.2d build.
On Mon, Oct 12, 2015 at 1:06 PM, KS Lee <[email protected]> wrote:
> Hello Daniel
>
> We re-ran the tests after upgrading our code to use libcurl to 7.44 and
> OpenSSL 1.0.2d. Same error, CURLE_RECV_ERROR, connection is closed after
> receiving a few frames from the peer.
>
> Trying 10.1.8.95...
> Name '192.168.128.61' family 2 resolved to '192.168.128.61' family 2
> Local port: 0
> Connected to xxxx.com (99.99.99.99) port 443 (#0)
> ALPN, offering http/1.1
> Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> SSL re-using session ID {syn}{etx}{soh}{stx}
> TLSv1.0 (OUT), TLS handshake, Client hello (1):
> ...
> TLSv1.0 (IN), TLS change cipher, Client hello (1):
> ...
> SSL connection using TLSv1.0 / AES256-SHA
> *ALPN, server did not agree to a protocol*
> Server certificate:
> subject: C=MY; ST=Wilayah Persekutuan; L=Kuala Lumpur; O=Bursa Malaysia Berhad; CN=ept.bursamalaysia.com
> start date: 2014-10-27 00:00:00 GMT
> expire date: 2016-12-25 23:59:59 GMT
> issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 International Server CA - G3
> SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /xxxxx.form HTTP/1.1
> Host: xxxxx.com
> User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
> Accept: */*
> Accept-Encoding: deflate, gzip
> Cookie: PD-S-SESSION-ID=0_kQ5569Se1/4/Z1CEXXmcfcViUNHWo53lMJnk8s4/Yv4iV2ST7s0=
> Content-Length: 107
> Content-Type: application/x-www-form-urlencoded
> ...
> HTTP/1.1 302 Moved Temporarily
> content-length: 1435
> content-type: text/html
> ...
> ... (some fragments came back) ...
> SSL read: error:00000000:lib(0):func(0):reason(0), errno 10054
>
> *** note: prior to this message, there were a few other messages that
> completed successfully i.e. logon, and redirection.
>
>>>> libcurl/7.44.0 OpenSSL/0.9.8k zlib/1.2.8
>>>
>>> This OpenSSL version is fairly old (March 2009) and it could be worth
>>> trying a more modern version before putting a lot of efforts into this.
>>
>> Yes, we have cut a version with OpenSSL 1.0.2d. Will be retesting
>> tomorrow.
>>
>>>> THEN ERROR HERE >>>> SSL read:
>>>> error:00000000:lib(0):func(0):reason(0),
>>>
>>> Based on this, I would suspect something fishy on the TLS or TCP layer.
>>> Using wireshark to check out the TCP traffic on the last parts of the
>>> communication could at least rule that out.
>>>
>>> Also, can you do _other_ HTTPS requests successfully against this site?
>>> I mean doing a simple GET or something on another URL? Could make an
>>> easier test and debug case.
>>
>> Just prior to this, there was another SSL-based POST/GET to authenticate
>> user credentials. And that worked fine. The user was logged in OK without
>> any errors.
>
> To summarise, when connecting to the peer via firewall, seems like the
> peer is closing the connection after sending a few frames of messages to us.
>
> Libcurl with OpenSSL 0.9.8k - error if not run through a proxy
> Libcurl with OpenSSL 1.0.2d - error if not run through a proxy
>
> Libcurl with OpenSSL 0.9.8k - no error if run through a proxy
> Libcurl with OpenSSL 1.0.2d - no error if run through a proxy
>
> But when we add a proxy and then onto the firewall, the connection works
> fine. Messages get exchanged without any errors.
>
> Does this look like an OpenSSL error? Am wondering why the presence of a
> proxy is significant in this situation?
>
> Any help is appreciated.
>
> Kind regards
> KS
