notwitch has asked for the wisdom of the Perl Monks concerning the following question:

I've upgraded to Ubuntu 12.04 which has openssl-1.0.1

My GET command now fails, because:
openssl s_client -connect server.com:443 fails.

From reading about the problem, I'm not sure openssl is going to fix this, it may be considered a "broken" server (but it's not my server to fix.)

My Perl question is: Since adding the -ssl3 option to s_client
openssl s_client -ssl3 -connect server.com:443 works. Is there's a way to set an ENV or configuration file so that GET and POST's will use the -ssl3 option.

jji

UPDATE

I'm using GET's and POST's in shell scripts.

Replies are listed 'Best First'.
Re: GET, POST, and openssl 1.0.1
by tobyink (Canon) on Jun 22, 2012 at 19:13 UTC

    Assuming here that you're using LWP::UserAgent - you don't explicitly say.

    LWP::UserAgent uses IO::Socket::SSL under the hood. The IO::Socket::SSL constructor takes a SSL_version option. You can set this to the string 'SSLv3' to force the use of SSL version 3.

    The trick to get LWP::UserAgent to pass this option to IO::Socket::SSL is the ssl_opts option...

    my $ua = LWP::UserAgent(
    agent    => q{Foo::Bar/1.03 },
    ssl_opts =>  {SSL_version => 'SSLv3'},
);
my $response = $ua->get('https://www.example.com/');

    [download]

    UPDATE: you probably want to edit your /usr/bin/lwp-request to include the ssl_opts option.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
[reply]
[d/l]
[select]
      I was under the impression IO::Socket::SSL would negotiate with the server on a SSL version
[reply]
        Usually, yes. But it's occasionally necessary to force a specific version to workaround broken servers.
        perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
[reply]

Back to Seekers of Perl Wisdom