http://www.perlmonks.org?node_id=1124777

dorko has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I've got several Perl programs that talk to a learning management system (LMS) used by about 50,000 users. The LMS has three environments, TEST, QA and PRODUCTION. From my desktop, I can talk to all three environments just fine. From the server that handles the management of the LMS, I can talk to PRODUCTION ok. The server can't talk to the TEST or QA environments.

I'm using LWP for all the communications. My desktop and server are at the same version of the LWP module (6.04 -- the current of LWP is 6.13).

This is the error I'm getting:

( '500 Can\'t connect to QA.server.example.com:443', \bless( { '_content' => '', '_uri' => bless( do{\(my $o = 'https://QA.server.exa +mple.com/)}, 'URI::https' ), '_headers' => bless( { 'user-agent' => 'Management P +rogram', 'authorization' => 'Bearer SU +PERPOWERFULLPASSWORDGOESHERE' }, 'HTTP::Headers' ), '_method' => 'GET' }, 'HTTP::Request' ), 'Can\'t connect to QA.server.example.com:443 LWP::Protocol::https::Socket: SSL connect attempt failed with unknown +error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown +message digest algorithm at /opt/perl/lib/site_perl/5.16.1/LWP/Protoc +ol/http.pm line 51. ', \bless( { '_content' => 'Can\'t connect to QA.server.example.c +om:443 LWP::Protocol::https::Socket: SSL connect attempt failed with unknown +error error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown +message digest algorithm at /opt/perl/lib/site_perl/5.16.1/LWP/Protoc +ol/http.pm line 51. ', '_rc' => 500, '_headers' => bless( { 'client-warning' => 'Internal + response', 'client-date' => 'Sun, 26 Apr + 2015 18:18:56 GMT', 'content-type' => 'text/plain +', '::std_case' => { 'client-war +ning' => 'Client-Warning', 'client-dat +e' => 'Client-Date' } }, 'HTTP::Headers' ), '_msg' => 'Can\'t connect to QA.server.example.com/: +443', '_request' => ${$![1]} }, 'HTTP::Response' ) );

I pretty sure I know what's going on: The TEST and QA servers are using SHA2 / SHA256 SSL certificates. PRODUCTION is using SHA1. The OpenSSL on the server is 0.9.8y. Everything I've read says OpenSSL greater than 0.9.8o can handle SHA2.

My question is how do I fix this? Will upgrading LWP to 6.13 fix things? (I'm assuming the version of LWP I'm using was installed using an earlier version of OpensSSL than is currently installed.) How can I get LWP to work with SHA2? How can I get LWP to use the more recent version of OpensSSL?

Cheers,

Brent

-- Yup, I'm a Delt.