user1726707 user1726707 - 2 months ago 31
Perl Question

SSL handshake error

I am hitting a handshake problem with one of our servers. I cant seem to figure out how to resolve this. A few days back, I was facing a similar issue while connecting to one of our other servers and you can follow that in this question. That issue was resolved but I am facing one more similar issue like that.

This is from the error logs.

DEBUG: .../IO/Socket/SSL.pm:415: connection failed - connect returned 0
DEBUG: .../IO/Socket/SSL.pm:1175: SSL connect attempt failed because of handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


I ran an openssl command too and here is the output.

-> openssl s_client -connect ABC:443 -CApath XXX
CONNECTED(00000003)
...
31507:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1101:SSL alert number 40
31507:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:


I am seeing an alert number 40 there. Does it signify something??
Is the server expecting some sort of client certificates for the handshake?

Answer

Coming to why it was specifically failing in my script, I found the reason for it.

Before answering that I will enlist my environment to have a context

  1. Perl : 5.10.1 (custom perl managed by perlbrew). So I am not using the modules which come by default with the system perl.
  2. Modules managed by cpanm
  3. Running on Ubuntu 14.04

I resolved it by installing Crypt::SSLeay module. Apparently LWP module doesn't support https without this module.

I figured this out be enabling the debugging in IO::Socket::SSL module.

use IO::Socket qw(debug4);

It might help someone in the future :)

EDIT : My scripts are still failing for some SSL connections. Looks like the openssl version is the culprit according to the thread here