AmishPhysicist has asked for the wisdom of the Perl Monks concerning the following question:

Hi!

I've been trying to get an all-TLSv1 session set up with a very finicky server and have had no luck getting the handshake to go through. I've had some limited luck using this:

if(!($sock = IO::Socket::SSL->new(
        PeerAddr    => 'localhost',
        PeerPort    => '444',
        Proto       => 'tcp',
        SSL_version => 'TLSv1'))) {
    exit(0);
}

I can get an open socket, but I wanted all the fancy POST capabilities of LWP and HTTP::Request::Common. I've been trying to get things working using the following, but end up with handshake failures.

$ENV{HTTPS_VERSION} = 3;
$ENV{HTTPS_DEBUG} = 1;

# Variables for the URL retrieving
my $ua = new LWP::UserAgent;
$ua->cookie_jar($cookie_jar);
my $res;
my $post = POST $url, \%form;
$post->authorization_basic('_api_', $key);
print $post->content . "\n";
$res = $ua->request( $post );

Using ssltap, I see these handshake failures coming back.

Connection #194 [Wed Nov 9 11:31:43 2011]
Connected to localhost:443
--> [
recordLen = 108 bytes
(108 bytes of 108)
 [Wed Nov 9 11:31:43 2011] [ssl2] ClientHelloV2 {
    version = {0x03, 0x01}
    cipher-specs-length = 81 (0x51)
    sid-length = 0 (0x00)
    ...
]
<-- [
(7 bytes of 2)
SSLRecord { [Wed Nov 9 11:31:43 2011]
    type = 21 (alert)
    version = { 3,1 }
    length = 2 (0x2)
    fatal: handshake_failure
}
]

Any idea what's going on? I'm assuming it's getting dropped based on the ClientHelloV2, as it's not v3 with TLS.

Thanks!

-nate
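
An added example, not part of the original post: a small Perl classifier that reads the first bytes a client sends and reports whether they are an SSLv2-compatible hello (what ssltap labels ClientHelloV2) or a ClientHello inside a TLS record. The sample bytes are constructed; the version, cipher-specs-length and sid-length come from the trace above, while the 16-byte challenge and the whole TLS sample are assumptions.

```perl
use strict;
use warnings;

# Classify the first bytes sent by a client: an SSLv2-compatible hello
# ("ClientHelloV2" in ssltap) or a ClientHello carried in a TLS record.
sub classify_hello {
    my ($bytes) = @_;
    return { format => 'too short' } if length($bytes) < 11;
    my ($b0, $b1, $b2) = unpack 'C3', $bytes;
    # SSLv2 framing: 2-byte header with the high bit set, then msg type 1.
    if (($b0 & 0x80) && $b2 == 1) {
        my ($maj, $min, $cipher_len, $sid_len, $chal_len) =
            unpack 'x3 C C n n n', $bytes;
        return {
            format     => 'SSLv2-compatible ClientHello',
            record_len => (($b0 & 0x7f) << 8) | $b1,
            version    => sprintf('%d.%d', $maj, $min),
            cipher_len => $cipher_len,
            sid_len    => $sid_len,
            chal_len   => $chal_len,
        };
    }
    # TLS framing: record type 22 (handshake), version, 2-byte length, then
    # handshake type 1 (client_hello), 3-byte length, client_version.
    if ($b0 == 22 && unpack('x5 C', $bytes) == 1) {
        my ($rec_len, $cmaj, $cmin) = unpack 'x3 n x4 C C', $bytes;
        return {
            format     => 'TLS record ClientHello',
            record_len => $rec_len,
            version    => sprintf('%d.%d', $cmaj, $cmin),
        };
    }
    return { format => 'unknown' };
}

# Constructed sample shaped like the trace: version 3.1, 81 bytes of cipher
# specs, empty session id; the 16-byte challenge is an assumption.
my $v2_hello = pack('C2 C C2 n3', 0x80, 0x6a, 1, 3, 1, 81, 0, 16)
             . ("\0" x 81) . ("\0" x 16);
# Constructed minimal TLSv1 ClientHello: zero random, one cipher suite.
my $body = pack('C2', 3, 1) . ("\0" x 32) . pack('C n n C2', 0, 2, 0x002f, 1, 0);
my $tls_hello = pack('C C2 n C C n', 22, 3, 1, length($body) + 4, 1, 0, length($body))
              . $body;

for my $sample ($v2_hello, $tls_hello) {
    my $r = classify_hello($sample);
    print join(', ', map { "$_=$r->{$_}" } sort keys %$r), "\n";
}
```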

Re: Forcing all TLSv1 with LWP?
by remiah (Hermit) on Nov 10, 2011 at 02:43 UTC
    How does it go if you set the user agent's ssl_opts?
    $ua->ssl_opts( SSL_version => 'TLSv1');
    LWP's ssl_opts description says:

    Other options can be set and are processed directly by the SSL Socket implementation in use. See IO::Socket::SSL or Net::SSL for details.

    So I guess if you have some luck with IO::Socket::SSL, opts will do something. But I am not sure.