search

MISP / MISP-Taxii-Server

An OpenTAXII Configuration for MISP
BSD 3-Clause "New" or "Revised" License
80 stars 30 forks source link

Taxii-Push Error: SSL_Wrong_Version_Number #101

Open csoccti opened 2 years ago

csoccti commented 2 years ago

Hi,

I've been trying to add the MISP-Taxii-Server configuration to my up-and-running Apache MISP server on Ubuntu 20.0.4 LTS. When I try to do the following: taxii-push --path https://localhost:9000/services/inbox -f ~/MISP-Taxii-Server/tests/test.xml --dest my_collection --username admin --password admin

I receive the following error: `HTTPSConnectionPool(hostlocalhost', port=9000): Max retries exceeded with url: /services/inbox (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1131)')))`

Attached are my configuration files (please note - the secret and passwords have all been changed, I'm using the default values for demonstration):

MISP/Taxii-Server/config/config.yaml `domain: "localhost" support_basic_auth: yes

persistence_api: class: opentaxii.persistence.sqldb.SQLDatabaseAPI parameters: db_connection: mysql://taxii:some_password@localhost/taxiipersist create_tables: yes

auth_api: class: opentaxii.auth.sqldb.SQLDatabaseAPI parameters: db_connection: mysql://taxii:some_password@localhost/taxiiauth create_tables: yes secret: ILoveTheSecretStringIsIsGreatButNeedsToBeChangedFrienderino

logging: opentaxii: info root: info

hooks: misp_taxii_hooks.hooks

zmq: host: localhost port: 50000

misp: url: "https://localhost" api: APIKEY dedup: true collections:

taxii: auth: username: admin password: admin collections:

verifySSL: False ` I've added the verifySSL:False value to try and diagnose the problem, it hadn't changed a thing.

etc/apache2/sites-enabled/misp-ssl.conf `<VirtualHost *:80> ServerAdmin serveradmin@misp.local ServerName localhost

Header always unset "X-Powered-By"

RewriteEngine On
RewriteCond %{HTTPS}  !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

ServerSignature Off

<VirtualHost *:444> ServerAdmin serveradmin@misp.local ServerName localhost DocumentRoot /var/www/MISP/app/webroot <Directory /var/www/MISP/app/webroot> Options -Indexes AllowOverride all Require all granted 

SSLEngine On

SSLProtocol All SSLCipherSuite (values) SSLHonorCipherOrder off SSLSessionTickets off

Protocols h2 http/1.1

SSLCertificateFile /usr/local/share/ca-certificates/MISP/localhost+3.pem
SSLCertificateKeyFile /usr/local/share/ca-certificates/MISP/localhost+3-key.pem
SSLCertificateChainFile /usr/local/share/ca-certificates/MISP/rootCA.pem

LogLevel warn
ErrorLog /var/log/apache2/misp.local_error.log
CustomLog /var/log/apache2/misp.local_access.log combined

ServerSignature Off

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header always unset "X-Powered-By"

SSLUseStapling On SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" `

I am not using a proxy as far as I am aware (tried set | grep -i proxy and got no results).

When I telnet to localhost 9000 and try GET to https://localhost:9000/services/inbox, I receive a 404 error.

However, when I curl -i -v https://localhost:9000/services/inbox, I receive the following output:

*   Trying localhost:9000...
* TCP_NODELAY set
* Connected to localhost port 9000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

What am I doing wrong? And how do I fix this?

Thanks in advance.

csoccti commented 2 years ago

Apache ports.conf file: `Listen 80

IfModule ssl_module Listen 443 Listen 9000 /IfModule

IfModule mod_gnutls.c Listen 443 Listen 9000 /IfModule `