lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Fri, 3 May 2019 at 02:20, Russell Haley <russ.haley@gmail.com> wrote:
> I can now get various sites such as FreeBSD.org, verisign.com, google.com but our starfish site seems to be failing on a sslv3 error:
>
> russellh@canary-dev:~/lua/sfiot_client$ ./lua test.lua "https://www.starfishmedical.com";
> Failed to retrieve request. No headers. starttls: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

This is an interesting failure...

It seems like your web server doesn't support prime256v1 ephemeral
keys (which is the default in lua-http).
Now this isn't *recommended*, but it shouldn't have broken lua-http.

Reading through the OpenSSL source, it looks like the behaviour of
SSL_CTX_set_tmp_ecdh hugely changed from 1.0.2 to 1.1.0
Breaking luaossl recommendations and lua-http in the process...
I will have to do some further research here.
Created https://github.com/daurnimator/lua-http/issues/150 to track.

> if not stream then
>     logError('Failed to retrieve request. No Stream (check with a urologist).')

ha.