[outages] Potential CloudFlare Issue

valdis.kletnieks at vt.edu
Tue Oct 2 17:03:04 EDT 2018


On Mon, 01 Oct 2018 11:58:37 +0100, Tony Finch via Outages said:
> Chris via Outages <outages at outages.org> wrote:
> >
> > me at jumpoff1 ~ $ openssl s_client -connect 104.24.114.156:443
> > CONNECTED(00000003)
> > 140186033568600:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:802:
> > ---
> > no peer certificate available
>
> You might find it works better with SNI: use the -servername option.

I got bit by this trying to do imap-over-ssl to Gmail.

The tl;dr: If you forget the SNI, it would hand back a self-signed cert.  And of course,
it depended on what version of openssl you were on - I try it, get back a self-signed cert,
ask a cow-orker, and he had an older openssl that fetched the expected cert and worked...

The gory details: https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html

