I am using LWP::UserAgent version 6.03 to fetch the status of a website.

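   use strict;
   use warnings;
   use LWP::UserAgent;

   # verify_hostname => 0 turns off the certificate hostname check
   my $ua = LWP::UserAgent->new(ssl_opts => {verify_hostname => 0},);
   $ua->cookie_jar({});
   $ua->agent('Mozilla/5.0');
   # follow redirects for POST as well (GET is redirectable by default)
   push @{$ua->requests_redirectable}, 'POST';
   push @{$ua->requests_redirectable}, 'GET';

   my $url = 'https://foo.com';
   my $page = $ua->get($url);
   print "Error ".$page->status_line."\n";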

When I run this code on my Unix machine, it gives the following status and error message from the LWP module.

   #status
   500 Can't connect to foo.com:443

   #error
   LWP::Protocol::https::Socket: SSL connect attempt failed with unknown 
   errorerror:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
   unexpected message at /usr/local/lib/perl5/site_perl/5.8.9/LWP/Protocol/http.pm line 51.

I tried to make use of the answer given to a similar question, but it did not work out. I need your valuable advice.

Ran the debug:

   DEBUG: .../IO/Socket/SSL.pm:193: set domain to 2
   DEBUG: .../IO/Socket/SSL.pm:1545: new ctx 74489552
   DEBUG: .../IO/Socket/SSL.pm:334: socket not yet connected
   DEBUG: .../IO/Socket/SSL.pm:336: socket connected
   DEBUG: .../IO/Socket/SSL.pm:349: ssl handshake not started
   DEBUG: .../IO/Socket/SSL.pm:379: set socket to non-blocking to enforce timeout=180
   DEBUG: .../IO/Socket/SSL.pm:392: Net::SSLeay::connect -> -1
   DEBUG: .../IO/Socket/SSL.pm:402: ssl handshake in progress
   DEBUG: .../IO/Socket/SSL.pm:412: waiting for fd to become ready: SSL wants a  read first
   DEBUG: .../IO/Socket/SSL.pm:432: socket ready, retrying connect
   DEBUG: .../IO/Socket/SSL.pm:392: Net::SSLeay::connect -> -1
   DEBUG: .../IO/Socket/SSL.pm:1276: SSL connect attempt failed with unknown errorerror:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
   DEBUG: .../IO/Socket/SSL.pm:398: fatal SSL error: SSL connect attempt failed with unknown errorerror:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
   DEBUG: .../IO/Socket/SSL.pm:1276: IO::Socket::INET6 configuration failederror:00000000:lib(0):func(0):reason(0)
   DEBUG: .../IO/Socket/SSL.pm:1582: free ctx 74489552 open=74489552
   DEBUG: .../IO/Socket/SSL.pm:1590: OK free ctx 74489552
made_in_india
  • Please provide the URL and the version of the dependent modules (probably IO::Socket::SSL) you are using and preferably the version of openssl too. And do you require a proxy? – Steffen Ullrich May 26 '15 at 17:54
  • IO::Socket::SSL->VERSION : `Version1.54` – made_in_india May 26 '15 at 18:21
  • Please enable debugging by running your code with `perl -MIO::Socket::SSL=debug4 app.pl`. For better help provide the OpenSSL version too (`perl -MIO::Socket::SSL -e 'printf "%x\n", Net::SSLeay::OPENSSL_VERSION_NUMBER()'`). And unless it fails with all URLs you better provide the target host too if you expect help. For now a guess is that it is related to SNI which is only available since 1.56. – Steffen Ullrich May 26 '15 at 18:52
  • It's failing with this specific URL alone. Got to know from the host that they have `disabled sslv3 on purpose`. – made_in_india May 26 '15 at 19:38
  • `perl -MIO::Socket::SSL -e 'printf "%x\n", Net::SSLeay::OPENSSL_VERSION_NUMBER()'` : `90701f` – made_in_india May 26 '15 at 19:41
  • Congratulations that you manage to run a 12 year old version of openssl (0.9.7a). Any more help only if the URL is provided. – Steffen Ullrich May 26 '15 at 19:52
  • @SteffenUllrich : the URL is of a client portal that I can't share :( – made_in_india May 26 '15 at 20:10
  • Then you are unfortunately on your own. There might be a lot of reasons why this fails and you can try to debug it yourself with the help of http://noxxi.de/howto/ssl-debugging.html. If possible I would suggest to you to use recent versions of openssl and IO::Socket::SSL, since lots of today's essential features like SNI, SHA-256 signatures or TLS1.1+ are not supported by the old libraries you use. – Steffen Ullrich May 26 '15 at 20:15
  • @made_in_india, We don't need the whole url, just the domain. – ikegami May 26 '15 at 20:18
  • try adding `SSL_version => 'SSLv3'` to your ssl options – harvey May 27 '15 at 05:30
  • Just a quick note: SSLv3 is considered insecure and many web sites have disabled it (and you'll need to use TLS). I agree with @SteffenUllrich: you may need to upgrade your libraries. – kjpires May 27 '15 at 12:05
  • the issue was resolved. I just added the `SSL_version => 'TLSv1'` in ssl option – made_in_india May 28 '15 at 19:37

1 Answer


Yeah... This sort of thing happens when some services account for the Poodle vulnerability. I haven't done the research to find the exact cause. It just appears that in some cases the client and server don't properly negotiate the protocol. We've gotten around it by adding 'SSL_version' => 'tlsv1' to the "ssl_opts". I don't really like it though since next protocol upgrade it will need fixing again. I'd far rather let the libraries do the negotiation on their own.

Jason
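
The comments and the answer above come down to two checks: which library versions the client is running, and which protocol versions the server will complete a handshake with. The probe below is an added example, not code from the question or the answer; `example.com` is a placeholder host and `probe` is a name chosen here. It runs on old IO::Socket::SSL releases too, reporting less detail where a method is missing.

```perl
#!/usr/bin/perl
# Added example: report library versions, then test which SSL_version
# settings complete a handshake with the target host.
use strict;
use warnings;
use IO::Socket::SSL;
use Net::SSLeay;

# Placeholder host; pass the failing host as the first argument.
my $host = @ARGV ? $ARGV[0] : 'example.com';
my $port = 443;

# Library versions come first: old OpenSSL builds lack SNI and TLS 1.1+.
my $sni = IO::Socket::SSL->can('can_client_sni')
    && IO::Socket::SSL->can_client_sni() ? 'yes' : 'no';
printf "IO::Socket::SSL %s, OpenSSL 0x%x, client SNI: %s\n",
    $IO::Socket::SSL::VERSION, Net::SSLeay::OPENSSL_VERSION_NUMBER(), $sni;

# Attempt one handshake. Returns (1, details) or (0, error text).
sub probe {
    my ($version) = @_;
    my %opts = (
        PeerHost        => $host,
        PeerPort        => $port,
        Timeout         => 10,
        SSL_verify_mode => SSL_VERIFY_PEER,    # certificate checks stay on
    );
    $opts{SSL_version} = $version if defined $version;

    # eval: a version the local OpenSSL does not know may die, not fail.
    my $sock = eval { IO::Socket::SSL->new(%opts) }
        or return (0, $@ || $IO::Socket::SSL::SSL_ERROR || $!);

    my $proto = $sock->can('get_sslversion')
        ? $sock->get_sslversion() : 'version n/a';
    my $info = join ' ', $proto, $sock->get_cipher();
    $sock->close;
    return (1, $info);
}

# undef lets the library negotiate; the others pin a single version.
for my $version (undef, 'TLSv1_2', 'TLSv1_1', 'TLSv1') {
    my ($ok, $detail) = probe($version);
    printf "%-10s %-6s %s\n",
        defined $version ? $version : 'negotiate',
        $ok ? 'ok' : 'FAILED', $detail;
}
```

If `negotiate` fails while a pinned version succeeds, the client library is the part to upgrade; a certificate verification error in the output is a separate problem from the protocol version.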