Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

by bennetthaselton (Novice)
on May 23, 2018 at 18:09 UTC ( #1215110=note: print w/replies, xml ) Need Help??


in reply to Re: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?
in thread if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

It's a very old system, I have:
perl v 5.8.8
Crypt::SSLeay 0.51
LWP::UserAgent 2.033
OpenSSL 0.9.8e

I am wary of major upgrades because every time I've done a big upgrade, I run into bugs in the upgrade software that cause some type of serious damage that takes hours or sometimes days to fix. (By "bugs" I don't mean crashes; I mean messages where I do exactly what the message tells me to do; but it turns out the message *really* meant something else, and "everybody knows" that you're supposed to do the other thing, instead of what the message actually tells you to do, but I follow the directions literally and end up backed into some catastrophic problem.)

However, regardless of whether or not I "should" upgrade, the original question remains: if www.google.com does not support SSLv3, why do the output debug messages keep referring to SSLv3? The repro without perl:

openssl s_client -connect www.google.com:443 -state | grep -i "ssl"

shows:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/O=Google Trust Services/CN=Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL handshake has read 2450 bytes and written 447 bytes
New, TLSv1/SSLv3, Cipher is AES128-SHA
SSL-Session:

I see the line "TLSv1/SSLv3" and I've heard that TLS uses SSL certificates, so maybe these are the debug messages that you get when you are using TLS with SSLv3 certs. Is that probably it?
  • Comment on Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

Replies are listed 'Best First'.
Re^3: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?
by Veltro (Pilgrim) on May 23, 2018 at 20:00 UTC
    -
Re^3: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?
by soonix (Abbot) on May 23, 2018 at 18:50 UTC
    I know perlbrew only from hearsay, but think it could help you avoiding upgrade woes while getting benefits of newer versions.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1215110]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (3)
As of 2018-10-23 02:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    When I need money for a bigger acquisition, I usually ...














    Results (125 votes). Check out past polls.

    Notices?