Re: lua-http https failures on Ubuntu 18

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: lua-http https failures on Ubuntu 18
From: Daurnimator <quae@...>
Date: Wed, 12 Jun 2019 17:55:50 +1000

On Fri, 3 May 2019 at 11:06, Daurnimator <quae@daurnimator.com> wrote:
>
> On Fri, 3 May 2019 at 02:20, Russell Haley <russ.haley@gmail.com> wrote:
> > I can now get various sites such as FreeBSD.org, verisign.com, google.com but our starfish site seems to be failing on a sslv3 error:
> >
> > russellh@canary-dev:~/lua/sfiot_client$ ./lua test.lua "https://www.starfishmedical.com";
> > Failed to retrieve request. No headers. starttls: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>
> This is an interesting failure...
>
> It seems like your web server doesn't support prime256v1 ephemeral
> keys (which is the default in lua-http).
> Now this isn't *recommended*, but it shouldn't have broken lua-http.
>
> Reading through the OpenSSL source, it looks like the behaviour of
> SSL_CTX_set_tmp_ecdh hugely changed from 1.0.2 to 1.1.0
> Breaking luaossl recommendations and lua-http in the process...
> I will have to do some further research here.
> Created https://github.com/daurnimator/lua-http/issues/150 to track.

Could you give https://github.com/daurnimator/lua-http/pull/154 a try?

Prev by Date: Re: [NoW] Why only LOCAL const variables?
Next by Date: RE: IUP question: how can I make IUP dialogs float in front of other application windows and/or be modal with respect to them?
Previous by thread: Re: [NoW] Why only LOCAL const variables?
Next by thread: Re: LuaThread sources?
Index(es):
- Date
- Thread