maria80e has asked for the wisdom of the Perl Monks concerning the following question:

In Live server we have perl version 5.6.1,recently we have enabled TLS 1.2 which resulted in a error "500 SSL Negotiation failed". Earlier we have TLS 1.0 we don't have any issues. Enabling TLS 1.2 is unavoidable which is mandatory. How to resolve this issue? I have searched & found that SOAP-LITE module has to be installed in order to resolve the above issue but the version 5.6.1 does not support SOAP-LITE module. It is available in active perl 5.8 and above version. Is it adviseable to upgrade to 5.8 version inorder to install soap::Lite? I have used the modules MSSQL::DBLIB and MSSQL::SQLLIB in this project, Will upgrade supports this module?
  • Comment on 500 SSL Negotiation failed in perl version 5.6

Replies are listed 'Best First'.
Re: 500 SSL Negotiation failed in perl version 5.6
by tobyink (Canon) on Mar 16, 2020 at 17:19 UTC

    Perl 5.6.1 is very ancient; it was released almost 19 years ago, which in software terms make it kind of like the sphinx.

    Very few authors still support Perl 5.6. I do for a few of my releases, but most require at least 5.8. Perl 5.8.9 came out in December 2008, so still ancient, but kind of like the Roman Colosseum. If you've got 5.8.9, most recent modules will work.

    But if you're going to upgrade anyway, it makes sense to upgrade to a recent officially supported version of Perl, which means Perl 5.28 or above, which came out about two years ago. Any modules you want to use should work with Perl 5.28 or above.

    Edit / additional information: if the above doesn't convince you to upgrade, I'll point out that the release notes for 5.28 include four security issues. If you're using a version of Perl prior to 5.28, you're using a version of Perl with known security issues that have been addressed in more recent releases. I'm not saying that there aren't sometimes good reasons to stick with an older release, but in most cases it's a good idea to upgrade software when security fixes are available.

Re: 500 SSL Negotiation failed in perl version 5.6
by jcb (Parson) on Mar 17, 2020 at 01:25 UTC

    You might be able to work around this by upgrading OpenSSL and then updating/reinstalling Net::SSLeay (the XS bindings to OpenSSL) from CPAN. You will probably also need to upgrade Net::SSLeay to a version that supports the newer OpenSSL. That should get you TLS 1.2 support, but if you are still running a 19 year old perl, you probably should be looking at a forklift upgrade here and planning to migrate the whole application to a new system.

Re: 500 SSL Negotiation failed in perl version 5.6
by rizzo (Deacon) on Mar 16, 2020 at 20:31 UTC

    I have no clue what Live Server is, but to me this sounds like a problem with the underlying SSL/TLS system. TLS 1.2 deploys other cipher suites than TLS 1.0. Did you check that these are installed and configured correctly?

Re: 500 SSL Negotiation failed in perl version 5.6
by Anonymous Monk on Mar 16, 2020 at 21:50 UTC
    Toby's right ... you need to upgrade the Perl on your server immediately, and not merely to get the SSL layer working.
      no upgrades without testing, no migration without testing, thats foolish

      Yet more harmful jibber-jabber from a fool who wants desperately to be seen as a sage.