OpenSSL Fails to connect

Security
#1

Hello,

I have recently set-up cloudflare on my retro computing website and forums.

The website hosts a large number of retro computer game files. One of the projects we link with produces an emulator called ZEsarUX which can download files from our website. The author of the emulator has done some debugging and these are his findings:

  • I open the socket using a “socket” call from Unix C library

  • Then I run all the ssl stuff to connect to that socket (https socket indeed):

SSL_CTX_new

SSL_new

SSL_set_fd

SSL_connect

And it fails on SSL_connect. The returned error code is: SSL_ERROR_SSL

I’m using openssl 1.1 libraries on Mac, Linux and Windows and they all return the same error. Besides, I can stablish https connections to github and Google for example and they all work perfect.

How do I keep cloudlare enabled, but allow these SSL connections through?

Thanks

#2

Hi,

Hope these lines find you well.

What is/are the exact command(s) that result in the error(s), please?

SSL Server Test: spectrumcomputing.co.uk (Powered by Qualys SSL Labs) indicates the website has TLS 1.0 to 1.3 support.

Could you please try to set Using Minimum TLS Version in Cloudflare SSL/TLS – Cloudflare Help Center to 1.1 and maybe disable Understanding TLS 1.3 – Cloudflare Help Center and see if it works better then?

#3

Thanks for the reply. I have set those settings suggested, but still have the problem. I will contact the developer and ask for the exact commands which result in the error.

Thanks

Capture
Capture1083×695 24.1 KB

#4

Hi

I’m the author of ZEsarUX

The SSL error I receive is:

error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

I got it after the SSL_connect function.
Before this call, the following is executed:

SSL_CTX_new (SSLv23_client_method ());

I have also tried to change it to:

SSL_CTX_new (TLS_client_method() )

But the same error is fired.

I have updated my openssl library, tried on Mac and Linux, but it always fails

Regards
Cesar

1 Like
#5

Am am concerning the fact that you are using “I am under an attack” for security level as far as I have first time visited this Website or some firewall rule to check each visitor before accessing it?

What SSL settings are enabled at Cloudflare dashboard?

Is your origin supporting SSLv3 connections?

Try settting up Minimum TLS to TLS v1.0.
At the origin, use TLS 1.0 and above; and use Server Name Indication.

What result you got when running an command for your domain:
openssl s_client -connect www.example.com:443 -tls1 -servername www.example.com \ -cert mycert.pem -key mykey.pem -CAfile <certificate-authority-for-service>.pem

Moreover, is the domain :orange: proxied via Cloudflare?
Also, has the origin it’s own SSL certificate, which should consider you are using “Full SSL” option, or you are using “Flexible SSL” option at Cloudflare dashboard?

Is your origin working with the port 443 or only on the port 80?
I suppose origin is Linux OS, which one if so?

Maybe at your origin, is sending or using outdated cyphers and they should be upgraded to include the ones for TLS 1.0 or higher - to match with the SSL of Cloudflare (Minimum TLS option).

If on Linux, try installing and/or updating ca-certificates.
Then configure your Web server to … either work only on 80 (Cloudflare with Flexible SSL), or generate SSL certificate with like Let’s Encrypt, to have it running on 443 port also, then switch to Full SSL on Cloudflare and try again if it connects with “minimum TLS 1.0”.

Have you tried updating openssl?

#6

Thanks for the reply,

No I am not on ‘Under Attack Mode’, I just have a Firewall rule that where the country is not United Kingdom, Spain, Italy or Portugal then there is a challenge. I tried turning off all my firewall rules, and still had the same error.

Minimum TLS was set at v1.0 before I changed it to v1.1 as suggested above.

I use LetsEncrypt on my server, and FullSSL is chosen.

Its an Ubuntu 16.04 server that I built via Digital Ocean. I’m running Apache.

I’m reasonably technical, but don’t know anything about CA-Certificates or Server Name Identification

#7

Could you check the openssl version.
Moreover as far as running Apache Web server, have you check if the port 443 and 80 are open at your origin?

sudo netstat -tulpn | grep :80
sudo netstat -tulpn | grep :443 or sudo losf -i tcp:443

TLS 1.0 needed to be enabled on the server for it.

Moreover, Apache, so have you got ssl_module loaded correctly and installed?
/etc/httpd/conf.d or ssl.conf:

LoadModule ssl_module modules/mod_ssl.so
Listen 443

What does curl -iv https://yourdomain.com/ output?

Where yourdomain.com is requesting a specific client certificate (this is the * SSLv3, TLS handshake - line curl is printing if so) and if that’s the response, then your server is sending the wrong (or no) certificate at all at your origin, so your connection fails I suppose?

#8

Hi there,

This is the result of the curl command. I will answer the rest of the suggestions later today.

HTTP/1.1 200 OK
Date: Sat, 13 Feb 2021 08:55:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5d4e48bc771a47e392bf9c149ee6cbac1613206545; expires=Mon, 15-Mar-21 08:55:45 GMT; path=/; domain=.spectrumcomputing.co.uk; HttpOnly; SameSite=Lax; Secure
Vary: Accept-Encoding
Access-Control-Allow-Origin: http://torinak.com
CF-Cache-Status: DYNAMIC
cf-request-id: 083c337b7d0000bdbe8f25b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4DcPZ9K0hXBNHYpAtlpj1itco6KC6t7wiuD%2BtHtybkGcig0s45wZF80tBL4qsdC8S%2Fuy7IJx8Z5KzyJqRtd%2BjDBzMEACChNWydTjRG0gpYx8CPlOp8huJg%3D%3D"}]}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 620d550bfd8dbdbe-AMS

Following this, is just the HTML of the homepage.

#9 
[email protected]:~# sudo netstat -tulpn | grep :80
tcp6       0      0 :::80                   :::*                    LISTEN      1489/apache2

[email protected]:~# sudo netstat -tulpn | grep :443
tcp6       0      0 :::443                  :::*                    LISTEN      1489/apache2
#10

Assuming you mean lsof rather than losf ?

[email protected]:/etc# lsof -i tcp:443
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  1489     root    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 22238 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23091 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23202 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23441 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23453 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23456 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23461 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23531 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23540 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23543 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23556 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23557 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23562 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23563 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23565 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23566 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23567 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23569 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23571 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23572 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23573 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
apache2 23576 www-data    6u  IPv6  16223      0t0  TCP *:https (LISTEN)
[email protected]:/etc#
#11

When I try to connect to https, i got 301 redirection to http.
Is that ok, because you have 443 port open and first reply says cannot connect due to SSL error?

As suggested “curl -iv”, curl -iv https://www.torniak.com gives me this one, which is not even a close or a similar to yours output:
curl -iv https://www.torinak.com

* Expire in 0 ms for 6 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 0 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 1 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 4 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 2 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 4 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 3 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 3 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 4 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 4 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 4 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 8 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 5 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 5 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 8 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 7 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 7 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 8 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 9 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 9 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 8 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 9 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 9 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 12 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 12 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 16 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 32 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 50 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 50 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 32 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 50 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 50 ms for 1 (transfer 0x564f7e7beb50)
* Expire in 50 ms for 1 (transfer 0x564f7e7beb50)
*   Trying 178.19.109.2...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x564f7e7beb50)
* Connected to www.torinak.com (178.19.109.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=torinak.com
*  start date: Jan  8 00:00:00 2021 GMT
*  expire date: Apr  8 23:59:59 2021 GMT
*  subjectAltName: host "www.torinak.com" matched cert's "www.torinak.com"
*  issuer: C=US; ST=TX; L=Houston; O=cPanel, Inc.; CN=cPanel, Inc. Certification Authority
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x564f7e7beb50)
> GET / HTTP/2
> Host: www.torinak.com
> User-Agent: curl/7.64.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 301
HTTP/2 301
< content-type: text/html
content-type: text/html
< content-length: 706
content-length: 706
< date: Sat, 13 Feb 2021 15:59:26 GMT
date: Sat, 13 Feb 2021 15:59:26 GMT
< server: LiteSpeed
server: LiteSpeed
< location: http://torinak.com/
location: http://torinak.com/
< alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

<
<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" >
<title> 301 Moved Permanently
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1>
<h2 style="margin-top:20px;font-size: 30px;">Moved Permanently
</h2>
<p>The document has been permanently moved.</p>
</div></div></body></html>
* Connection #0 to host www.torinak.com left intact

How can it work if your app/website is working to connect to HTTPS/SSL, but you are redirecting to HTTP? Shouldn’t be vice-versa, HTTP to HTTPS?
Because either you are trying to open a socket on HTTPS (which turns out gets you back to the HTTP)?

Moreover, you are running cPanel. Do you run your app on some other specific port different than 80 or 443?

#12

Hi,

We are www.spectrumcomputing.co.uk, and not http://torinak.com/. We link to http://torinak.com/ for its online emulator at Qaop – ZX Spectrum emulator which is why I have the Access-Control-Allow-Origin. We don’t use CPanel. Everything is built on Ubuntu Server.

The command I used was curl -iv https://spectrumcomputing.co.uk

Please see original post.

#13

Hi There

I’ve tried with openssl client and I got the same error:

openssl s_client -connect spectrumcomputing.co.uk:443
CONNECTED(00000006)
4655267436:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
4655267436:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/ssl/ssl_pkt.c:585:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 0 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1613413152
Timeout : 7200 (sec)
Verify return code: 0 (ok)

#14

What’s the openssl version you have on the client machine? If it’s new can you try downgrading openssl version to match with the old one in the server?

LibreSSL 2.8.0 (August 6th, 2018) while the latest one LibreSSL 3.2.4 (February 12, 2021).

If possible please try to use same openssl version on both server and client, this will possibly resolve if there is any limitations in supported ciphers on either side.

Install/upgrade ca-certificates and openssl.

What is your output of running openssl version -a and which openssl?

curl spectrumcomputing.co.uk response:

TCP_NODELAY set
Expire in 149995 ms for 3 (transfer 0x560eb53c1b50)
Expire in 200 ms for 4 (transfer 0x560eb53c1b50)
Connected to spectrumcomputing.co.uk (172.67.164.250) port 80 (#0)
GET / HTTP/1.1
Host: spectrumcomputing.co.uk
User-Agent: curl/7.64.0
Accept: */*
HTTP/1.1 301 Moved Permanently
Date: Mon, 15 Feb 2021 18:32:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 15 Feb 2021 19:32:49 GMT
Location: https://spectrumcomputing.co.uk/
cf-request-id: 08489086600000f9d6a9b28000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mlshZVVuMN01jX2hJoKEk7wWbl%2BYlxHp3f%2BItcL4LGJGLBNOIgFTziYMFWh%2BEAU0gJAFuiS4cZQaiRPb9QSebeRDVcM2FhVZianQ4fvKboXme7SrhOqghQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 62211d1d6889f9d6-PRG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Connection #0 to host spectrumcomputing.co.uk left intact

curl https://spectrumcomputing.co.uk response: ← you have Security DDoS protection here or Page Rule or Firewall Rule

TCP_NODELAY set
Expire in 149995 ms for 3 (transfer 0x55b168202b50)
Expire in 200 ms for 4 (transfer 0x55b168202b50)
Connected to spectrumcomputing.co.uk (104.21.49.166) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
ALPN, server accepted to use h2
Server certificate:
subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
start date: Feb 12 00:00:00 2021 GMT
expire date: Feb 11 23:59:59 2022 GMT
subjectAltName: host "spectrumcomputing.co.uk" matched cert's "spectrumcomputing.co.uk"
issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x55b168202b50)
GET / HTTP/2
Host: spectrumcomputing.co.uk
User-Agent: curl/7.64.0
Accept: */*

Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
HTTP/2 503
date: Mon, 15 Feb 2021 18:35:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=def2487748dbbb365c5d911843270fdfe1613414121; expires=Wed, 17-Mar-21 18:35:21 GMT; path=/; domain=.spectrumcomputing.co.uk; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-request-id: 084892d90000004a61f2bf1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DMV%2FytqVHjBXiKJnF4I4HgVil%2Fk5%2F%2FB8nK89krTtUkQ6ZtdKobb0FVYzTKJp2B5DRwwZNies1nyK6dlZscO%2F3WZmPOAZXJVdkbovas3LpkFvAftrXgblgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622120d4cf794a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

openssl_client response:

CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE0zCCBHmgAwIBAgIQDE4KQELgEElsWAystfk9MDAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwMjEyMDAwMDAwWhcNMjIwMjEx
MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe
MBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAETrx9XRE+V3naYm01VMVtwtcS97l1uNFWZl9HVRXvJNNH4dFe4Ecv
5MHPyvKo8AfmyjimTDiUxGYELfsOrR+KrqOCAxQwggMQMB8GA1UdIwQYMBaAFKXO
N+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBS3V6qpZGhG4s4RQIDeJtvJXv8E
BTBUBgNVHREETTBLghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CF3NwZWN0cnVtY29t
cHV0aW5nLmNvLnVrghkqLnNwZWN0cnVtY29tcHV0aW5nLmNvLnVrMA4GA1UdDwEB
/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwewYDVR0fBHQw
cjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNF
Q0NDQS0zLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0Nsb3Vk
ZmxhcmVJbmNFQ0NDQS0zLmNybDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsG
AQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwdgYIKwYBBQUHAQEE
ajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYB
BQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5j
RUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA
8AB1ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABd5eCfaYAAAQD
AEYwRAIgM+T6ck3+c84obyVEKdMJBmDDTWRhsvnZPJZkT/ELAW4CIG8kiNnn010h
m5T90gYn44jCLkQlh1HKGU1vH1ckQ0CMAHcAIkVFB1lVJFaWP6Ev8fdthuAjJmOt
wEt/XcaDXG7iDwIAAAF3l4J9wAAABAMASDBGAiEA0jHLs8HpcPHW0WpuA6y4jfm2
mrsrI6t6N0kn5AFL2ZsCIQDqUxwjA8aUbFiL3HIMEAtdxuNtYqkxdoo3vO2N+iTw
ezAKBggqhkjOPQQDAgNIADBFAiEAmcfF4PxdUuYSUNMPAAt9NPT8A/8sfnH/9kI4
PpIMmf8CIH1Gfb3dBm0HQnAwi0v5cSFVhCdeg42VEH84pERxeBb1
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2686 bytes and written 410 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
Session-ID: 23EAC72CA5BA31A4FC58523AF7EA9203809896867B197FD7E921E3A3CD413694
Session-ID-ctx:
Master-Key: 5176E5FB587A7F1B3D2E303CB92C5BCF2ED0C208C42BD9E46388DA2653DDB9DAD551B9E468099FE3423917419B212F83
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
0000 - a2 ef 7e 5e ef 06 9f 09-43 88 20 1b ca 47 94 10   ..~^....C. ..G..
0010 - a7 5c 2a d6 69 37 52 c9-cf a8 47 b0 1e 08 e8 f2   .\*.i7R...G.....
0020 - c8 78 c7 01 d5 45 53 a1-89 48 b4 2d 2f 46 e8 b1   .x...ES..H.-/F..
0030 - a1 d2 84 8a ba 1d 78 77-ac 70 e5 0d 67 44 5a 0d   ......xw.p..gDZ.
0040 - b3 fa e6 d3 0e 8a e4 63-21 ac f8 25 3c 94 75 e9   .......c!..%<.u.
0050 - 5d 2d 7c f2 76 42 bc 2b-73 ce c3 ff 8a 9b 22 f5   ]-|.vB.+s.....".
0060 - 12 dc 33 5b 99 f0 be 7f-19 0e 68 a6 8b 13 1c ff   ..3[......h.....
0070 - 73 9f ee 06 d7 30 4e 73-c2 db 5d 2f 7a 37 0e b0   s....0Ns..]/z7..
0080 - 13 ca 27 77 83 8f 7c a2-7f 6b 1b 72 dc b0 45 92   ..'w..|..k.r..E.
0090 - 06 2d 2a f5 4a 09 f7 9a-1e 7a ea eb 9b 8c fd 50   .-*.J....z.....P
00a0 - 22 54 96 7f d0 4b f1 15-3e 97 5e 0b e7 d4 19 f8   "T...K..>.^.....
00b0 - 65 7f e1 17 61 ea 65 37-85 be 6e 67 8f 1b fc 4d   e...a.e7..ng...M

Start Time: 1613413514
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
#15

What you get by running for your domain:
openssl s_client -connect <hostname1>:443 -servername hostname1

Your errors could also indicate that the domain is using SNI enabled target servers (Cloudflare), but the Message Processors (your app or client) were not enabled to talk to SNI servers.

Does your app or client support SNI?

Are you using “Universal SSL” and “Flexible SSL” option at Cloudflare dashboard?

Maybe some information here can also help:
https://docs.apigee.com/api-platform/troubleshoot/runtime/ssl-handshake-failures#sni-enabled-serve

#16

Hi,

The server has OpenSSL 1.0.2g 1 Mar 2016

ca-certificates is already installed.

[email protected]:~# sudo apt-get install ca-certificates
ca-certificates is already the newest version (20210119~16.04.1).

This is the output of which openssl

/usr/bin/openssl

#17

I assume I’m using Universal SSL.

ssl
ssl1083×290 12.7 KB

#18

My output of openssl version -a is:

OpenSSL 1.1.1i  8 Dec 2020
built on: Sat Dec 12 07:47:57 2020 UTC
platform: debian-amd64
options:  bn(64,64) rc4(8x,int) des(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-1.1.1i=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Seeding source: os-specific
#19

I also suspect deprecation of the SSLv3 protocol. I would try running a packet sniffer to confirm that, but without going that far, you can change TLS version to 1.0 in Cloudflare dashboard, which is not the case by you because you have already tried changing that (Minimum TLS) at Cloudflare dashboard for your domain.

I believe the issue should be resolved by upgrading openssl at your end. Moreover, the other way around would be for you to downgrade - which I do not suggest.

If you are having an SSL certificate at your server, assumming you have “Full SSL” option enabled at your Cloudflare dashboard, hopefully your server is sending the right ciphers and the right TLS version to Cloudflare?

#20

Hi there. I have fixed it!

The failure comes from using SNI, as I was not handling it in my code.

A call to SSL_set_tlsext_host_name just fixes it :slight_smile:

Cheers

1 Like