[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: lua-http https failures on Ubuntu 18
- From: Daurnimator <quae@...>
- Date: Wed, 12 Jun 2019 17:55:50 +1000
On Fri, 3 May 2019 at 11:06, Daurnimator <quae@daurnimator.com> wrote:
>
> On Fri, 3 May 2019 at 02:20, Russell Haley <russ.haley@gmail.com> wrote:
> > I can now get various sites such as FreeBSD.org, verisign.com, google.com but our starfish site seems to be failing on a sslv3 error:
> >
> > russellh@canary-dev:~/lua/sfiot_client$ ./lua test.lua "https://www.starfishmedical.com"
> > Failed to retrieve request. No headers. starttls: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>
> This is an interesting failure...
>
> It seems like your web server doesn't support prime256v1 ephemeral
> keys (which is the default in lua-http).
> Now this isn't *recommended*, but it shouldn't have broken lua-http.
>
> Reading through the OpenSSL source, it looks like the behaviour of
> SSL_CTX_set_tmp_ecdh hugely changed from 1.0.2 to 1.1.0
> Breaking luaossl recommendations and lua-http in the process...
> I will have to do some further research here.
> Created https://github.com/daurnimator/lua-http/issues/150 to track.
Could you give https://github.com/daurnimator/lua-http/pull/154 a try?