[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: lua-http https failures on Ubuntu 18
- From: Daurnimator <quae@...>
- Date: Fri, 3 May 2019 11:06:18 +1000
On Fri, 3 May 2019 at 02:20, Russell Haley <russ.haley@gmail.com> wrote:
> I can now get various sites such as FreeBSD.org, verisign.com, google.com but our starfish site seems to be failing on a sslv3 error:
>
> russellh@canary-dev:~/lua/sfiot_client$ ./lua test.lua "https://www.starfishmedical.com"
> Failed to retrieve request. No headers. starttls: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
This is an interesting failure...
It seems like your web server doesn't support prime256v1 ephemeral
keys (which is the default in lua-http).
Now this isn't *recommended*, but it shouldn't have broken lua-http.
Reading through the OpenSSL source, it looks like the behaviour of
SSL_CTX_set_tmp_ecdh hugely changed from 1.0.2 to 1.1.0
Breaking luaossl recommendations and lua-http in the process...
I will have to do some further research here.
Created https://github.com/daurnimator/lua-http/issues/150 to track.
> if not stream then
> logError('Failed to retrieve request. No Stream (check with a urologist).')
ha.