[Bug 1532250] perl-Net-SSLeay fails to connect to some SSL servers

https://bugzilla.redhat.com/show_bug.cgi?id=1532250



--- Comment #1 from Paul Howarth <paul@xxxxxxxxxxxx> ---
The problem here is that the target server doesn't support newer SSL
protocols/ciphers, and the ones it does support are below the standard required
by the system-wide crypto policy (see
https://fedoraproject.org/wiki/Changes/CryptoPolicy), which is implemented in
Fedora's perl-IO-Socket-SSL package (this is why your use of raw Net::SSLeay
works, and IO::Socket::SSL doesn't).

I can make it work by changing the IO::Socket::SSL->new() invocation to this:

use IO::Socket::SSL;   # exports $SSL_ERROR for the failure message

# An explicit cipher list overrides the system-wide crypto policy for this
# one connection; DES-CBC3-SHA is below the policy's minimum, which is why
# the default invocation fails against this server.
my $cl = IO::Socket::SSL->new(
    PeerHost => $ARGV[0],
    PeerPort => 'https',
    SSL_cipher_list => 'DES-CBC3-SHA'
) or die "SSL connect failed: $SSL_ERROR\n";

A useful debugging tool for this is analyze-ssl.pl, which you can get from
https://github.com/noxxi/p5-ssl-tools (this is from the upstream maintainer of
IO::Socket::SSL).

Example output:
$ perl analyze-ssl.pl www.halstead.com:443
-- www.halstead.com port 443
 ! server sent unused chain certificate '/C=US/ST=New Jersey/L=Jersey
City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority'
 ! server sent unused chain certificate '/C=US/ST=New Jersey/L=Jersey
City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority'
 * maximum SSL version  : TLSv1 (SSLv23)
 * supported SSL versions with handshake used and preferred cipher(s):
   * handshake protocols ciphers
   * SSLv23    TLSv1     DES-CBC3-SHA
   * TLSv1_2   FAILED: SSL connect attempt failed error:1417110A:SSL
routines:tls_process_server_hello:wrong ssl version SSL connect attempt failed
   * TLSv1_1   FAILED: SSL connect attempt failed error:1417110A:SSL
routines:tls_process_server_hello:wrong ssl version
   * TLSv1     TLSv1     DES-CBC3-SHA
   * SSLv3     SSLv3     DES-CBC3-SHA
 * cipher order by      : unknown
 * SNI supported        : ok
 * certificate verified : ok
 * chain on 209.173.134.149
   * [0/0] bits=2048, ocsp_uri=http://ocsp.netsolssl.com,
/C=US/postalCode=10065/ST=NY/L=New York/street=770 Lexington Ave/O=Halstead
Property/OU=Web/OU=Secure Link SSL Wildcard/CN=*.halstead.com
SAN=DNS:*.halstead.com,DNS:halstead.com
   * [1/1] bits=2048, ocsp_uri=http://ocsp.usertrust.com,
/C=US/ST=VA/L=Herndon/O=Network Solutions L.L.C./CN=Network Solutions OV Server
CA 2
   * [2/-] bits=4096, ocsp_uri=http://ocsp.usertrust.com, /C=US/ST=New
Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification 
Authority
   * [-/2] bits=4096, ocsp_uri=, /C=US/ST=New Jersey/L=Jersey City/O=The
USERTRUST Network/CN=USERTrust RSA Certification Authority
 * OCSP stapling        : no stapled response
 * OCSP status          : good (soft error: http://ocsp.usertrust.com: OCSP
response failed: internalerror; subject: /C=US/ST=VA/L=Herndon/O=Network
Solutions L.L.C./CN=Network Solutions OV Server CA 2; /C=US/ST=New
Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification
Authority)

perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
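The comment above attributes the failure to the system crypto policy that Fedora applies through IO::Socket::SSL's default cipher list, and shows that a per-connection cipher override gets past it. The script below is an added example, written for this page and not taken from the bug report or from the p5-ssl-tools project: it runs the same handshake under the policy default, pinned to each protocol version, and with the comment's DES-CBC3-SHA opt-in, and reports the negotiated version and cipher for each, so the failure can be attributed to the policy rather than to Net::SSLeay. It assumes a Fedora-style IO::Socket::SSL with the policy applied and uses only documented constructor options (PeerHost, PeerPort, Timeout, SSL_hostname, SSL_version, SSL_cipher_list) and accessors (get_sslversion, get_cipher); the host:port argument and the probe labels are the example's own.

```perl
#!/usr/bin/perl
# Added example, not part of the bug report or of p5-ssl-tools: probe which
# protocol versions a server negotiates under the system crypto policy (as
# applied through IO::Socket::SSL's default cipher list) versus an explicit
# per-connection cipher opt-in.
use strict;
use warnings;
use IO::Socket::SSL;   # exports $SSL_ERROR

my $target = $ARGV[0] or die "usage: $0 host[:port]\n";
my ($host, $port) = split /:/, $target;
$port //= 443;

# Attempt one handshake with extra constructor options and return a hashref
# describing the outcome rather than printing, so the caller can tabulate it.
sub try_connect {
    my (%opts) = @_;
    my $sock = eval {
        IO::Socket::SSL->new(
            PeerHost     => $host,
            PeerPort     => $port,
            Timeout      => 10,
            SSL_hostname => $host,   # send SNI, as a browser would
            %opts,
        );
    };
    # new() returns undef on a handshake failure (details in $SSL_ERROR) and
    # dies on a bad option, e.g. pinning a version the local OpenSSL lacks;
    # the eval turns the latter into a reported error instead of an abort.
    return { ok => 0, error => $@ || $SSL_ERROR || $! || 'unknown error' }
        unless $sock;
    my %result = (
        ok      => 1,
        version => $sock->get_sslversion,
        cipher  => $sock->get_cipher,
    );
    $sock->close(SSL_ctx_free => 1);
    return \%result;
}

my @probes = (
    # 1. Whatever the system policy permits: the failing case in the report.
    [ 'policy default', {} ],
    # 2. Each protocol version pinned, still under the policy's cipher list.
    ( map { [ $_, { SSL_version => $_ } ] } qw(TLSv1_3 TLSv1_2 TLSv1_1 TLSv1) ),
    # 3. The comment's workaround: a single-connection override that admits
    #    3DES below the policy minimum, scoped to this one probe.
    [ 'DES-CBC3-SHA opt-in', { SSL_cipher_list => 'DES-CBC3-SHA' } ],
);

for my $probe (@probes) {
    my ($label, $opts) = @$probe;
    my $r = try_connect(%$opts);
    printf "%-20s %s\n", $label,
        $r->{ok} ? "ok: $r->{version} $r->{cipher}" : "FAILED: $r->{error}";
}
```

Run it as `perl probe-tls.pl www.halstead.com:443` (the file name is the example's own). Against a server like the one in the comment, which analyze-ssl.pl shows offering only DES-CBC3-SHA over TLSv1 and SSLv3, the policy default and the pinned probes would be expected to fail and only the explicit opt-in to succeed; that pattern is what distinguishes a policy rejection from a broken library. Because the override lives in the constructor arguments, it does not weaken any other connection the program makes.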