Open kevinmac61 opened 4 years ago
PHRETS uses pre-existing software installed on your computer/server to deal with HTTPS and TLS 1.2. No updates to PHRETS are required in this case. If you're now unable to connect to these Matrix systems, you'll want to see about updating OpenSSL on your computer so that it's able to going forward.
For Linux based systems, one test is to run the following from the command line:
curl -I 'https://matrix.server.login.url.here'
If you get back an HTTP response, you should be fine. If, however, you get an SSL protocol error, you'll know your system isn't able to establish the connection with updating some software.
Wow...I appreciate the fast response. I'll do as you suggest. Thanks.
Here is the response from the Corelogic analyst: curl is issuing a HEAD request, which we don't support. It should be issuing a GET request. So : curl -Iv https://rets.gmrgm.mlsmatrix.com/rets/Login.ashx will give a 404 But forcing it to use a HEAD request will work. curl -Iv -X GET https://rets.gmrgm.mlsmatrix.com/rets/Login.ashx Will work as expected.
Troy Davisson notifications@github.com wrote: “If we assume kevinmac is unable to connect, as stated, what's the answer to the question? Is there a quick fix for this? Or any fix? :)”
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
The fix would be updating software on your server. Specifically openssl which will update the portions that curl uses which is what PHRETS uses.
Are you saying that openssl still needs to be updated in spite of the message below? Thanks again.
TLS 1.2 is supported by the version of openssl installed in your server:
[12:37:34 hal root@93508365 ~]cPs# openssl s_client -connect google.com:443 -tls1_2|grep Protocol depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign verify return:1 depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com verify return:1 Protocol : TLSv1.2 QUIT
If your server can communicate out using TLS 1.2 with curl, you should be fine as-is.
To be clear, my previous example returning a 404 is a good response in that case (for the reasons mentioned in an earlier comment). A 404 there means that your server CAN communicate with them and should satisfy the current requirements. If, instead, you get an SSL protocol error, that's when openssl likely needs updated so curl has something more up-to-date to work with.
If you're on TLS 1.2, you shouldn't be seeing any errors with PHRETS connecting to those Matrix systems.
Troy,
Thank you for getting that suggestion from CoreLogic analyst.
I got a 400 response on curl -Iv https://rets.fmlsd.mlsmatrix.com
I got a 200 response on curl -Iv -X GET https://rets.fmlsd.mlsmatrix.com
200 is good, but when logging into matrix, to do my RETS query, I get the following:
Fetching Homes Data:
I wonder how I need to change my config to incorporate the recommended command. I'm using Debian Linux, most recent stable version with most recent security updates.
dpkg -l openssl ||/ Name Version Architecture Description +++-==============-================-============-==================================================== ii openssl 1.1.1d-0+deb10u3 amd64 Secure Sockets Layer toolkit - cryptographic utility
Complete output of curl commands is below.
Thank you! -thomas (520)360-9183
This command seems to produce a 404:
curl -Iv https://rets.fmlsd.mlsmatrix.com
HEAD / HTTP/2 Host: rets.fmlsd.mlsmatrix.com User-Agent: curl/7.64.0 Accept: /
<
This command seems to produce a 200:
curl -Iv -X GET https://rets.fmlsd.mlsmatrix.com
GET / HTTP/2 Host: rets.fmlsd.mlsmatrix.com User-Agent: curl/7.64.0 Accept: /
<
On 7/16/20 7:25 AM, Troy Davisson wrote:
If your server can communicate out using TLS 1.2 with curl, you should be fine as-is.
To be clear, my previous example returning a 404 is a good response in that case (for the reasons mentioned in an earlier comment). A 404 there means that your server CAN communicate with them and should satisfy the current requirements. If, instead, you get an SSL protocol error, that's when openssl likely needs updated so curl has something more up-to-date to work with.
If you're on TLS 1.2, you shouldn't be seeing any errors with PHRETS connecting to those Matrix systems.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/troydavisson/PHRETS/issues/266#issuecomment-659447372, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABOJ2NFQX6XK3ESPOE7WZXLR34EV3ANCNFSM4OW5NXOA.
Interesting that both of us are Matrix users suddenly having issues.
The 302 is a redirect because you're not using HTTPS in the initial URL. If you update the login URL you're using to point directly to the https://... version of that URL, you should be fine.
My site stopped connecting to pull images a few days ago. I found out that the message below had been sent, but I hadn't received it.
"After July 8, 2020, older RETS client applications that are not compliant with TLS 1.2 will fail to connect to Matrix RETS. Some data recipients may need to upgrade their RETS client to continue using Matrix RETS."
Is there a quick fix for this? Any assistance is appreciated.
Thanks.