LWP / IO::Socket::SSL fails with SSL3_GET_SERVER_HELLO:wrong cipher returned


I found many questions quite similar to my problem, but they didn't solve it, so here I am asking for your help.

I am trying to get data from a web page with Perl LWP using HTTPS. I can get data from almost every site I have tried, except the one I really need to use. I am using Perl version v5.18.2 under Windows x64. This is my basic dummy example:

    use strict;
    use LWP::UserAgent;
    use HTTP::Request;
    use IO::Socket::SSL qw(debug3);
    my $ua = LWP::UserAgent->new;
    my $url = 'https://www.domainx.com:443';
    my $req = HTTP::Request->new( GET => $url);
    my $response = $ua->request($req);
    print $response->status_line . "\n";

And result for the response->status_line: 500 Can't connect to www.domainx.com:443

Debug for SSL:

DEBUG: .../IO/Socket/SSL.pm:1890: new ctx 48125200
DEBUG: .../IO/Socket/SSL.pm:393: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:395: socket connected
DEBUG: .../IO/Socket/SSL.pm:413: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:443: using SNI with hostname www.domainx.com
DEBUG: .../IO/Socket/SSL.pm:466: set socket to non-blocking to enforce     timeout=180
DEBUG: .../IO/Socket/SSL.pm:479: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:489: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:499: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:519: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:479: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1359: SSL connect attempt failed with unknown error
DEBUG: .../IO/Socket/SSL.pm:485: fatal SSL error: SSL connect attempt failed with unknown error error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
DEBUG: .../IO/Socket/SSL.pm:1924: free ctx 48125200 open=48125200
DEBUG: .../IO/Socket/SSL.pm:1932: OK free ctx 48125200

From checking the previous posts I tried to apply: ssl_opts => { verify_hostname => 0 }, but that didn’t help. If I try to connect to that same site with a browser (IE or Chrome) it works just fine.

Is this some certificate based error or what is going wrong here?


Solution

  • The actual site is www.firstcard.fi

    The server is heavily broken as can also be seen from the report by SSLLabs. To get a connection to the server one must work around these problems by only using the single good cipher the server offers:

    my $ua = LWP::UserAgent->new;
    $ua->ssl_opts(SSL_cipher_list => 'DES-CBC3-SHA');
    

    Interestingly, this cipher is included in the cipher list used by default in IO::Socket::SSL but the server is too broken to properly deal with the correct ClientHello.
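
One way to find which single cipher such a server completes a handshake with, and to confine the workaround to that host, shown as an added example that is not part of the original answer. It assumes the host name is passed on the command line (www.domainx.com is the question's placeholder), and the candidate list is constructed for illustration.

```perl
use strict;
use warnings;
use IO::Socket::SSL;
use LWP::UserAgent;

# Assumption: host comes from the command line; the default is the
# placeholder name used in the question.
my $host = shift // 'www.domainx.com';

# Constructed candidate list in OpenSSL cipher-name syntax, strongest first.
my @candidates = qw(
    ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES128-GCM-SHA256
    AES256-SHA
    AES128-SHA
    DES-CBC3-SHA
);

# Offer exactly one cipher with certificate and hostname verification on.
# Success requires the negotiated cipher to equal the offered one, because
# SSL_cipher_list does not restrict TLS 1.3 suites, which may be chosen instead.
sub probe_cipher {
    my ($host, $cipher) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerHost            => $host,
        PeerPort            => 443,
        Timeout             => 10,
        SSL_cipher_list     => $cipher,
        SSL_verifycn_scheme => 'http',
    ) or return (0, $SSL_ERROR || $!);
    my ($version, $got) = ($sock->get_sslversion, $sock->get_cipher);
    $sock->close;
    return ($got eq $cipher, "$version $got");
}

my @accepted;
for my $cipher (@candidates) {
    my ($ok, $detail) = probe_cipher($host, $cipher);
    printf "%-30s %s\n", $cipher, $ok ? "OK ($detail)" : "FAIL ($detail)";
    push @accepted, $cipher if $ok;
}
die "no candidate cipher completed a handshake with $host\n" unless @accepted;

# Dedicated user agent for this one host; other agents keep the default list.
my $ua = LWP::UserAgent->new;
$ua->ssl_opts(SSL_cipher_list => $accepted[0]);
print $ua->get("https://$host/")->status_line, "\n";
```

A cipher name the local OpenSSL build does not support fails before anything is sent, so it shows up as FAIL with a local error rather than a server response.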