Closed alex closed 5 months ago
~ ❯❯❯ curl -vvv -I https://www.openssl.org * Trying [2600:1901:0:1812::]:443... * Connected to www.openssl.org (2600:1901:0:1812::) port 443 * ALPN: curl offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/cert.pem * CApath: none * LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure * Closing connection curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
~ ❯❯❯ openssl s_client -debug -connect www.openssl.org:443 Connecting to 2600:1901:0:1812:: CONNECTED(00000005) write to 0x600002d96980 [0x139817200] (323 bytes => 323 (0x143)) 0000 - 16 03 01 01 3e 01 00 01-3a 03 03 05 df 2d 0a 52 ....>...:....-.R 0010 - 7e 12 27 51 0c 71 9e 5d-6e 92 b1 ac 55 31 cc a5 ~.'Q.q.]n...U1.. 0020 - 0f f6 ef 74 8d 84 3e 50-bb 1c 39 20 5b c0 8d ba ...t..>P..9 [... 0030 - 62 4b 2c df a3 95 23 fc-06 f9 65 72 54 a5 b0 70 bK,...#...erT..p 0040 - de 6a 20 46 25 58 83 3e-0e a9 c3 5d 00 3e 13 02 .j F%X.>...].>.. 0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa .....,.0........ 0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27 .+./...$.(.k.#.' 0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d .g.....9.....3.. 0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 b3 ...=.<.5./...... 0090 - 00 00 00 14 00 12 00 00-0f 77 77 77 2e 6f 70 65 .........www.ope 00a0 - 6e 73 73 6c 2e 6f 72 67-00 0b 00 04 03 00 01 02 nssl.org........ 00b0 - 00 0a 00 16 00 14 00 1d-00 17 00 1e 00 19 00 18 ................ 00c0 - 01 00 01 01 01 02 01 03-01 04 00 23 00 00 00 16 ...........#.... 00d0 - 00 00 00 17 00 00 00 0d-00 30 00 2e 04 03 05 03 .........0...... 00e0 - 06 03 08 07 08 08 08 1a-08 1b 08 1c 08 09 08 0a ................ 00f0 - 08 0b 08 04 08 05 08 06-04 01 05 01 06 01 03 03 ................ 0100 - 03 01 03 02 04 02 05 02-06 02 00 2b 00 05 04 03 ...........+.... 0110 - 04 03 03 00 2d 00 02 01-01 00 33 00 26 00 24 00 ....-.....3.&.$. 0120 - 1d 00 20 c9 55 9f 25 fb-2f 22 3a 6b cf 98 ac 4d .. .U.%./":k...M 0130 - ea e0 e2 fc eb 49 9e 90-4a a8 24 4a 95 b9 08 1e .....I..J.$J.... 0140 - fe 27 75 .'u read from 0x600002d96980 [0x13981c403] (5 bytes => 5 (0x5)) 0000 - 15 03 01 00 02 ..... read from 0x600002d96980 [0x13981c408] (2 bytes => 2 (0x2)) 0000 - 02 28 .( 409C80E101000000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:865:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 323 bytes Verification: OK --- New, (NONE), Cipher is (NONE) This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- read from 0x600002d96980 [0x13900e000] (8192 bytes => 0)
This issue was caused by changes on our CDN provider (deployment of new certificate) and unfortunately this is side effect of activity. Everything should be back to normal now. @alex - thanks for reporting