soap request force ssl connection

aktinide has asked for the wisdom of the Perl Monks concerning the following question:

I am posting a soap request using LWP or SOAP::Lite where the access is protected by basic authentication, the soapserver string is using ssl as URL like : https://IP:PORT/path-to-soap-provider.

Without the path-to-soap-provider, just connectiong to IP:PORT, the server replies http requests as well as https.( for any reasson )

The script fails with Error:

SSL connect attempt failed error:14077102:SSL routines:SSL23_GET_SERVE
+R_HELLO:unsupported protocol
[download]

which is fair enough due to the fact server:port does not behave as ssl server if not forced to do

Using openssl s_client to test the connection:

openssl s_client -connect IP:PORT
[download]

fails with the same error message , while:

openssl s_client -connect IP:PORT  -ssl3
[download]

does make the server to act as ssl server

Reducing a script to the basic connection, I can see the same error Message:

 
#!/usr/bin/perl
use IO::Socket::SSL qw(debug3);

my $client = IO::Socket::SSL->new(
        PeerAddr => 'IP',
        PeerPort => 'PORT'    
        SSL_verify_mode => 0x00
);
        ##SSL_version => 'SSLv3'

if(defined $client){ 
        
        print <$client>;
        close $client;
}else{
        warn "I encountered a problem: ",IO::Socket::SSL::errstr();
}
exit;
[download]

The SSL_version config is testing the connection to match the given protocol, but obviously not forcing the server the way openssl does. Any other tests dealing with cookies, authentication, ssl_verfiy_mode or ssl_version , do not help, because obviously the basic connection fails before.

soapui java-Application as well as simple vbs script is doing the job , assuming it is possible in general.

What did I miss ? Is there any way to get the same behaviour as with openssl s_client ?

Comment on soap request force ssl connection Select or Download Code

Replies are listed 'Best First'.
Re: soap request force ssl connection by Anonymous Monk on May 14, 2015 at 10:31 UTC
site:perlmonks.org LWP ssl3 -> mechanize and sslv3 -> Re^3: mechanize and sslv3	[reply]
Re^2: soap request force ssl connection by aktinide (Initiate) on May 14, 2015 at 13:13 UTC
setting ssl_opts => { SSL_version => 'SSLv3'} results in : `DEBUG: .../IO/Socket/SSL.pm:1780: SSL Version SSLv3 not supported` [download] therefore my assumption is there is just no ssl communicaton at this point in time. SSL_version in the Perl Module somehow has different effect than -ssl3 flag to openssl s_client	[reply] [d/l]
Re^3: soap request force ssl connection by noxxi (Pilgrim) on May 14, 2015 at 19:12 UTC
... SSL Version SSLv3 not supported That means that the OpenSSL library used by Perl (Net::SSLeay) is compiled without SSLv3 support. Looks like latest Strawberry Perl comes with OpenSSL 1.02 and disabled SSLv3 support. This means you will not be able to use SSLv3 with this Perl. SSL_version in the Perl Module somehow has different effect than -ssl3 flag to openssl s_client No, it should not. Apart from that the server looks fairly broken to me, i.e. only support for SSLv3 and no support for SSLv23 handshake.	[reply]
Re^3: soap request force ssl connection by Anonymous Monk on May 14, 2015 at 23:44 UTC
Two things, SSLv3 has been outdated since 1999 when http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0 came out That is like 150 years in computer time ssLv3 is vulnerable SSLv3 Support Disabled By Default Due to POODLE Vulnerability So if you want something old and broken, you have to go ou of your way to compile it back in and what not	[reply]
Re: soap request force ssl connection by Anonymous Monk on May 14, 2015 at 17:46 UTC
I think you may have to relax the cipher list if certificates aren't set up: `SSL_cipher_list => 'HIGH'`. Otherwise you have no applicable ciphers even though verify_mode is none. This is insecure, of course.	[reply] [d/l]