yosifkit
commented
8 years ago Is that possibly related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774882? That was fixed in openssl 1.0.1t-1+deb8u1 and when I check php:5.6-apache, it has 1.0.1t-1+deb8u2 installed. Have you done a docker pull recently? The current image is 6 days old.
$ docker run -it --rm php:5.6-apache bash
root@f3b660be97e1:/var/www/html# dpkg -s openssl
Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 1092
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Architecture: amd64
Version: 1.0.1t-1+deb8u2
Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1k-3+deb8u3)
Suggests: ca-certificates
Conffiles:
/etc/ssl/openssl.cnf 7df26c55291b33344dc15e3935dabaf3
Description: Secure Sockets Layer toolkit - cryptographic utility
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains the general-purpose command line binary /usr/bin/openssl,
useful for cryptographic operations such as:
* creating RSA, DH, and DSA key parameters;
* creating X.509 certificates, CSRs, and CRLs;
* calculating message digests;
* encrypting and decrypting with ciphers;
* testing SSL/TLS clients and servers;
* handling S/MIME signed or encrypted mail.
root@f3b660be97e1:/var/www/html# curl --verbose https://apisandbox-api.zuora.com/rest/v1/subscriptions/preview
* Hostname was NOT found in DNS cache
* Trying 96.6.238.226...
* Connected to apisandbox-api.zuora.com (96.6.238.226) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=CA; L=Foster City; O=Zuora Inc.; OU=TechOps; CN=*.zuora.com
* start date: 2015-12-21 18:43:21 GMT
* expire date: 2016-12-21 18:38:18 GMT
* subjectAltName: apisandbox-api.zuora.com matched
* issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust; CN=Verizon Akamai SureServer CA G14-SHA2
* SSL certificate verify ok.
> GET /rest/v1/subscriptions/preview HTTP/1.1
> User-Agent: curl/7.38.0
> Host: apisandbox-api.zuora.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
* Server Zuora App is not blacklisted
< Server: Zuora App
< WWW-Authenticate: Basic realm=Zuora API, ZSession realm=Zuora API
< Content-Type: application/json;charset=utf-8
< Expires: Wed, 15 Jun 2016 17:34:47 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Wed, 15 Jun 2016 17:34:47 GMT
< Connection: close
<
{
"success" : false,
"reasons" : [ {
"code" : 90000011,
"message" : "this resource is protected, please sign in first"
} ]
* SSLv3, TLS alert, Client hello (1):
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
Krzysiaczek
I can't get connection with some servers because of this error. I was working with versions 5.6-apache and 5.4-apache and error appears only in 5.6. Any idea how to fix it?
This is how to recreate problem:
docker run --rm -t -i php:5.6-apache curl --verbose https://apisandbox-api.zuora.com/rest/v1/subscriptions/previewwhere with 5.4 a different story
docker run --rm -t -i php:5.4-apache curl --verbose https://apisandbox-api.zuora.com/rest/v1/subscriptions/preview