I had a perl app to query some data via SOAP, and it was working up until yesterday. Now I just get the error:

LWP::Protocol::https::Socket: SSL connect attempt failed at /usr/lib/perl5/site_perl/5.8.8/LWP/Protocol/http.pm line 47.

Someone from the server team told me they just upgraded to no longer support TLS 1.0. I've tried a few things (including upgrading my openssl library from 0.9.8 to 1.0.1), and still can't get it working.

Here is the snippet of what was working before:

 
#!/usr/bin/perl

use strict;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;

my $ua = LWP::UserAgent->new();
$ua->ssl_opts(
  SSL_ca_file => '/var/www/cgi-bin/sz/api/apisb-fullrootchain.crt',
  SSL_verifycn_scheme => 'http',
  SSL_verifycn_name => 'apisandbox.zuora.com'
);

my $req = HTTP::Request->new(POST => 'https://apisandbox.zuora.com/app
+s/services/a/68.0');
$req->header(
  'Content-Type' => 'text/xml; charset=utf-8',
  'SOAPAction'   => 'login'
);
$req->content($xml_content);
my $resp = $ua->request($req);

[download]

In addition to upgrading openssl library, I also tried adding the SSL_version param to ssl_opts call (trying all kinds of permutations of the version string such as tlsv1_1, tlsv11, etc).

 
$ua->ssl_opts(
  SSL_version => '!TLSv1',
  SSL_ca_file => '/var/www/cgi-bin/sz/api/apisb-fullrootchain.crt',
  SSL_verifycn_scheme => 'http',
  SSL_verifycn_name => 'apisandbox.zuora.com'
);

[download]

Also, I tried this with similar permutations:

 
my $context = new IO::Socket::SSL::SSL_Context(
  SSL_version => '!tlsv1',
  );
IO::Socket::SSL::set_default_context($context);

[download]

Here are my specifics:

 
[root@one-commerce-vm.cs.qai install]# perl -MIO::Socket::SSL -e 'prin
+t "$IO::Socket::SSL::VERSION\n"'
2.023
[root@one-commerce-vm.cs.qai install]# perl -MNet::SSLeay -e 'print "$
+Net::SSLeay::VERSION\n"'
1.72
[root@one-commerce-vm.cs.qai install]# perl -MNet::HTTP -e 'print "$Ne
+t::HTTP::VERSION\n"'
6.09
[root@one-commerce-vm.cs.qai install]# perl -MLWP::UserAgent -e 'print
+ "$LWP::UserAgent::VERSION\n"'
6.15

[root@one-commerce-vm.cs.qai install]# openssl version -a
OpenSSL 1.0.1g 7 Apr 2014
built on: Fri Feb  5 09:19:23 PST 2016
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfi
+sh(idx) 
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_
+H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32
+_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_G
+F2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_
+ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl"

[download]

Any suggestions appreciated!

In reply to How to not send TLS 1.0 on https soap call by davew

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.