
Problem:

I am attempting to download records from an https webpage and continue getting the accompanying error:

OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure Unable to establish SSL connection.

From perusing sites online I assemble I need to give the server cert and the customer cert. I have discovered strides on the most proficient method to download the server cert yet not the customer cert. Does anybody have a total arrangement of steps to utilize wget with SSL? I additionally attempted the --no-check-certificate alternative however that didn't work.

wget version: wget-1.13.4
openssl version: OpenSSL 1.0.1f 6 Jan 2014

 


2 Answers

0 votes

Solution:

It works from here with same OpenSSL variant, however a more current rendition of wget (1.15). Taking a gander at the Changelog there is the accompanying critical change in regards to your concern:

1.14: Add support for TLS Server Name Indication.

Note that this site doesn't require SNI. Be that as it may, www.coursera.org requires it. What's more, in the event that you would call wget with -v --debug (as I've expressly prescribed in my remark!) you will see:

$ wget https://class.coursera.org

HTTP request sent, awaiting response...

HTTP/1.1 302 Found

Location: https://www.coursera.org/ [following]

Connecting to www.coursera.org (www.coursera.org)|54.230.46.78|:443... connected.

OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Unable to establish SSL connection.

So the error really occurs with www.coursera.org and the explanation is missing help for SNI. You have to overhaul your rendition of wget.

0 votes

Solution:

You only need to install the new version of git or set a configuration setting to use tls1.2 to resolve this issue. If you are running Windows this is probably the case. If you are running an older version of a UNIX operating system this may not be the case.

Explanation:

Building git requires curl and openssl, and if these are out of date it can cause this error as well. For example, you could download the latest version of curl and build that from source, and then build a new version of git from source as well, but if this was all done on a system where your openssl is out of date and doesn't support tls1.2 properly, your newly built versions of git and curl are not going to function.

Follow these steps:

Using yum or yast to upgrade your openssl, curl and git packages should resolve this error. If you just need the setting to make git use tls1.2, here it is:

git config --global --add http.sslVersion tlsv1.2
git config --global --add http.sslbackend openssl

Here are some examples of debugging the error.

The initial error message:

git clone https://github.com/some/repo.git
Cloning into 'reponame'...
fatal: unable to access 'https://github.com/some/repo.git': error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Setting debug in the environment:

export GIT_CURL_VERBOSE=1

The expanded error details with debug:

git clone https://github.com/some/repo.git
Cloning into 'ngrep'...
Couldn't find host github.com in the .netrc file; using defaults
About to connect() to github.com port 443 (# 0)
Trying 192.30.253.112...
* Connected to github.com (192.30.253.112) port 443 (# 0)
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs/
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Expire cleared
Closing connection # 0
fatal: unable to access 'https://github.com/some/repo.git': error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Checking curl's functionality:

curl https://github.com/some/repo.git
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

curl --version
curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7 libidn/1.10
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Here you can see that curl is using an older version of openssl, and git is reporting the exact same error because it's built against the same out-of-date shared libraries from openssl. Now, assuming that you have already built the latest version of openssl, you could just need to run ldconfig to update your linker loader, like so:

$ ldconfig

If this doesn't resolve the issue it could be that you still need to update openssl or you need to build and install the newer version and then try it again. If it's linked properly you'll see the version of openssl change to the new build in the curl version output.

curl -V
curl 7.59.0 (x86_64-pc-linux-gnu) libcurl/7.59.0 OpenSSL/1.1.0g zlib/1.2.7
Release-Date: 2018-03-14
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

At this point you should be able to test curl against the git URL. As long as that is working and not returning any errors, your git should be working as well assuming you're on the latest version.
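
The two diagnoses given in the answers above (a wget older than 1.14 that sends no SNI, and a curl/git linked against an OpenSSL without TLS 1.2) can be checked offline from saved output. This is an added example, not part of either answer; the function names and result tokens are hypothetical, and the 1.0.1 threshold is an assumption taken from the OpenSSL release that introduced TLS 1.2.

```shell
#!/bin/sh
# Added example, not from the answers. Thresholds: wget 1.14 added SNI (changelog
# quoted above); OpenSSL 1.0.1 was the first release with TLS 1.2 (assumption).

# version_ge A B: succeed when dotted version A >= B; a letter suffix ("0.9.8j") is ignored
version_ge() {
    a=$(printf '%s\n' "$1" | sed 's/[a-z]*$//')
    b=$(printf '%s\n' "$2" | sed 's/[a-z]*$//')
    i=1
    while [ "$i" -le 3 ]; do
        # the appended "." makes cut return an empty field when a part is missing
        x=$(printf '%s.\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s.\n' "$b" | cut -d. -f"$i")
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# ssl_lib_version LINE: extract e.g. "0.9.8j" from the first line of `curl --version`
ssl_lib_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL\/\([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# triage ERROR WGET_VERSION CURL_VERSION_LINE: print a (hypothetical) result token
triage() {
    case "$1" in
        *"alert protocol version"*)
            ssl=$(ssl_lib_version "$3")
            if [ -z "$ssl" ]; then echo "no-openssl-version-found"
            elif version_ge "$ssl" 1.0.1; then echo "library-has-tls1.2"
            else echo "openssl-too-old-for-tls1.2"
            fi ;;
        *"alert handshake failure"*)
            if version_ge "$2" 1.14; then echo "wget-has-sni"
            else echo "wget-lacks-sni"
            fi ;;
        *) echo "unrecognized-error" ;;
    esac
}

# Inputs below are copied from the question and answers on this page.
triage "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure" "1.13.4" ""
triage "error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version" "" \
    "curl 7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.7"
```

A "library-has-tls1.2" or "wget-has-sni" result means the cause named in the answers does not apply and the client's configuration is the next thing to inspect.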

 
