Re: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?


Come for the quick hacks, stay for the epiphanies.
	PerlMonks

Re: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

by rizzo (Curate)

on May 23, 2018 at 08:59 UTC ( [id://1215087]=note: print w/replies, xml )

Need Help??

in reply to if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

Seems SSL v3.0 is not supported by Google. You can test this by trying to force google into a ssl3 connection using:

openssl s_client -ssl3 -connect www.google.com:443

--> connection fails

while

openssl s_client -connect www.google.com:443

and grepping for "Protocol" gives "TLSv1.2" (at least to me) and a working connection.

Using the same command with the "-state" switch und grepping for "SSL" gives the output of the one-liner in OP's post(though I don't get it using Perl)and TLSv1.2.

Maybe there's a need for debugging the debug messages ...

Comment on Re: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake? Select or Download Code

Replies are listed 'Best First'.
Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake? by bennetthaselton (Novice) on May 23, 2018 at 16:49 UTC
OK yes I get the same results as you do, so that's a repro without using Perl. I've heard that "TLS uses SSL certificates" (e.g. https://learntomato.com/what-is-a-vpn/ ). Although I'm not clear on the mechanics, is that what's going on -- TLS is a different protocol but it uses the public/private keys baked into SSLv3 certificates, and when the debug messages refer to "SSLv3", that's what they're referring to?	[reply]
Re^3: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake? by rizzo (Curate) on May 24, 2018 at 15:09 UTC
As far as I know, they're using the same cipher suites. Why the debug messages refer to SSlv3 although TLS is used for the connection, no clue, sorry.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://1215087]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others making s'mores by the fire in the courtyard of the Monastery: (6)

As of 2024-04-19 06:42 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found