Hi Massimo,

We do things like that:

http::register https 443 [list ::tls::socket -require 1 -cadir \
    $data_(cert_) -ssl2 0 -ssl3 0 -tls1 1]

I hope it helps.
Brice.


On Thu, Sep 5, 2019 at 12:41 PM Massimo MANGHI <massimo.man...@unipr.it>
wrote:

> good day, fellow Tcl'ers
>
> does anyone of you have experience with SSL/TLS on Tcl? A couple of
> weeks ago I happily added to a project the ability of getting citations
> through a DOI (Digital Object Identification) resolver and serve them
> with a Rivet web service and Ajax to the clients. It was really cool.
> Yesterday it stopped working with this protocol handshake error
>
> error flushing "sock55f49a92e3e0": connection reset by peer
> while evaluating {source doi.tcl }
> SSL channel "sock55f49a92e3e0": error: sslv3 alert handshake failure
>
> As a matter of fact it stopped working outside Rivet and on every
> machine I could test it on (suggesting something had changed on the
> server side). This is a simple standalone test script
>
>
> package require http
> package require tls
>
> ::http::register https 443 [list ::tls::socket -ssl3 false \
>                                  -ssl2 false \
>                                  -tls1 true]
>
> set doi "https://dx.doi.org/10.1073/pnas.0910249107";
>
> set token [::http::geturl $doi -headers "Accept application/x-bibtex"]
>
>   The error occurs with both tls 1.6 and 1.7 (the latter has SSL3
> disabled by default). I gather from what I read on the internet that
> debugging SSL/TLS negotiations is often hard and error messages are
> often misleading. This might be the case because ssl3 is disabled.
> Furthermore testing the resolver with curl works as expected, so at the
> moment I'm clueless.
>
> really disappointing. Any suggestion?
>
>   -- Massimo
>
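
Added example, not part of either message above: one way to narrow down a handshake failure like the one quoted is to attempt one handshake per protocol version and see which the server accepts. The proc name `probe_tls` is hypothetical, and the sketch assumes a tls build that provides the `-tls1.1`, `-tls1.2` and `-servername` options; no certificate options are set, so it tests protocol negotiation only.

```tcl
package require tls

# Attempt one handshake per protocol version and collect the outcome.
# Returns a flat list: proto outcome proto outcome ...
proc probe_tls {host {port 443}} {
    set results {}
    foreach proto {tls1 tls1.1 tls1.2} {
        # Start with every version disabled, then enable exactly one.
        set opts [list -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 0]
        dict set opts -$proto 1
        if {[catch {
            # -servername sends SNI, which name-based virtual hosts may need.
            set chan [tls::socket {*}$opts -servername $host $host $port]
            tls::handshake $chan
            set status [tls::status $chan]
            close $chan
        } err]} {
            # Handshake (or option parsing) failed: clean up and record why.
            if {[info exists chan]} {
                catch {close $chan}
                unset chan
            }
            lappend results $proto "failed: $err"
        } else {
            unset chan
            lappend results $proto "ok, cipher [dict get $status cipher]"
        }
    }
    return $results
}

# Host taken from the test script in the thread.
foreach {proto outcome} [probe_tls dx.doi.org] {
    puts "$proto: $outcome"
}
```

Whichever version reports "ok" is the one to enable in the `http::register` call, together with `-require 1` and `-cadir` as in the reply above so the server certificate is verified.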
