Does perl-5.16.0-LWP-Protocol-Connect-6.09.tgz supports TLS 1.2?

Question

I am kind of new to perl world but my script fails when loaded via SFTP with below error ,

IN SUBROUTINE: CSRF TOKEN DECODED CONTENT: error while setting up ssl connection (SSL connect attempt failed with unknown error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) at /home/rcc/perl5/lib/perl5/LWP/Protocol/https/connect/Socket.pm line 23. Looping through csrf response array, param = [error while setting up ssl connection (SSL connect attempt failed with unknown error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) at /home/rcc/perl5/lib/perl5/LWP/Protocol/https/connect/Socket.pm line 23. ]

Under the assumption its because of TLS depreciation , we upgraded SSL version but still doesn't work, can someone help us understand how to fix the issue ?

Or is there a latest version of perl LWP which by upgrade can fix the issue ? repacking the current package seems to be complex.

Thanks in advance.

Answer 1

The SSL handling is not done directly by LWP::Protocol::connect. Instead it uses IO::Socket::SSL which then uses Net::SSLeay which then uses the linked in OpenSSL library which is not necessarily the one used by the openssl binary. The general capability to use TLS 1.2 depends on the version of OpenSSL which should be at least 1.0.1.

To get the versions of the various parts use the following code

use strict;
use IO::Socket::SSL;

printf "IO::Socket::SSL  %s\n", $IO::Socket::SSL::VERSION;
printf "Net::SSLeay      %s\n", $Net::SSLeay::VERSION;
printf "OpenSSL compiled %x\n", Net::SSLeay::OPENSSL_VERSION_NUMBER();
printf "OpenSSL linked   %x - %s\n", Net::SSLeay::SSLeay(), 
   Net::SSLeay::SSLeay_version(0);

... SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Note that a TLS handshake problem can have lots of different reasons and an unsupported TLS protocol version is just one of many. No shared ciphers is another common problem at this stage of the connection.