What’s the openssl version you have on the client machine? If it’s new, can you try downgrading the openssl version to match the old one on the server?
LibreSSL 2.8.0 (August 6th, 2018), while the latest one is LibreSSL 3.2.4 (February 12, 2021).
If possible, please try to use the same openssl version on both server and client; this will possibly resolve it if there are any limitations in supported ciphers on either side.
Install/upgrade ca-certificates and openssl.
What is your output of running openssl version -a and which openssl?
curl spectrumcomputing.co.uk response:
TCP_NODELAY set
Expire in 149995 ms for 3 (transfer 0x560eb53c1b50)
Expire in 200 ms for 4 (transfer 0x560eb53c1b50)
Connected to spectrumcomputing.co.uk (172.67.164.250) port 80 (#0)
GET / HTTP/1.1
Host: spectrumcomputing.co.uk
User-Agent: curl/7.64.0
Accept: */*
HTTP/1.1 301 Moved Permanently
Date: Mon, 15 Feb 2021 18:32:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 15 Feb 2021 19:32:49 GMT
Location: https://spectrumcomputing.co.uk/
cf-request-id: 08489086600000f9d6a9b28000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mlshZVVuMN01jX2hJoKEk7wWbl%2BYlxHp3f%2BItcL4LGJGLBNOIgFTziYMFWh%2BEAU0gJAFuiS4cZQaiRPb9QSebeRDVcM2FhVZianQ4fvKboXme7SrhOqghQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 62211d1d6889f9d6-PRG
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Connection #0 to host spectrumcomputing.co.uk left intact
curl https://spectrumcomputing.co.uk response: ← you have Security DDoS protection here or Page Rule or Firewall Rule
TCP_NODELAY set
Expire in 149995 ms for 3 (transfer 0x55b168202b50)
Expire in 200 ms for 4 (transfer 0x55b168202b50)
Connected to spectrumcomputing.co.uk (104.21.49.166) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
ALPN, server accepted to use h2
Server certificate:
subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
start date: Feb 12 00:00:00 2021 GMT
expire date: Feb 11 23:59:59 2022 GMT
subjectAltName: host "spectrumcomputing.co.uk" matched cert's "spectrumcomputing.co.uk"
issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x55b168202b50)
GET / HTTP/2
Host: spectrumcomputing.co.uk
User-Agent: curl/7.64.0
Accept: */*
Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
HTTP/2 503
date: Mon, 15 Feb 2021 18:35:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=def2487748dbbb365c5d911843270fdfe1613414121; expires=Wed, 17-Mar-21 18:35:21 GMT; path=/; domain=.spectrumcomputing.co.uk; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-request-id: 084892d90000004a61f2bf1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DMV%2FytqVHjBXiKJnF4I4HgVil%2Fk5%2F%2FB8nK89krTtUkQ6ZtdKobb0FVYzTKJp2B5DRwwZNies1nyK6dlZscO%2F3WZmPOAZXJVdkbovas3LpkFvAftrXgblgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622120d4cf794a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
openssl_client response:
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2686 bytes and written 410 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-CHACHA20-POLY1305
Session-ID: 23EAC72CA5BA31A4FC58523AF7EA9203809896867B197FD7E921E3A3CD413694
Session-ID-ctx:
Master-Key: 5176E5FB587A7F1B3D2E303CB92C5BCF2ED0C208C42BD9E46388DA2653DDB9DAD551B9E468099FE3423917419B212F83
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 64800 (seconds)
TLS session ticket:
Start Time: 1613413514
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
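
Added example, not part of the original thread: a Python helper that reads a curl -v transcript like the two above and reports whether the failure sits in the TLS handshake, in certificate verification, or in the HTTP response (as with the 503 returned after a successful TLSv1.2 handshake). The sample transcript, its host name and the triage function are constructed for illustration.

```python
import re

# Constructed sample: a trimmed `curl -v` transcript in the shape shown above.
SAMPLE = """\
Connected to example.test (192.0.2.10) port 443 (#0)
TLSv1.3 (OUT), TLS handshake, Client hello (1):
SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
SSL certificate verify ok.
GET / HTTP/2
HTTP/2 503
server: cloudflare
cf-ray: 0000000000000000-FRA
"""


def triage(transcript):
    """Summarise a curl -v transcript and name the layer that failed."""
    info = {"protocol": None, "cipher": None, "verified": False,
            "status": None, "server": None}
    for raw in transcript.splitlines():
        # curl prefixes verbose lines with "* ", "> " or "< "; drop them.
        line = raw.lstrip("*<> ").strip()
        if (m := re.match(r"SSL connection using (\S+) / (\S+)", line)):
            info["protocol"], info["cipher"] = m.groups()
        elif line.startswith("SSL certificate verify ok"):
            info["verified"] = True
        elif (m := re.match(r"HTTP/[\d.]+ (\d{3})", line)):
            # Response status line; on a redirect chain the last one wins.
            info["status"] = int(m.group(1))
        elif line.lower().startswith("server:"):
            info["server"] = line.split(":", 1)[1].strip()

    if info["cipher"] is None:
        info["layer"] = "tls: handshake did not complete (protocol or cipher mismatch?)"
    elif not info["verified"]:
        info["layer"] = "tls: certificate not verified (check ca-certificates)"
    elif info["status"] is not None and info["status"] >= 400:
        info["layer"] = "http: TLS is fine, the server or edge refused the request"
    else:
        info["layer"] = "ok"
    return info


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result in the "http" layer means the client's TLS library negotiated successfully, so changing the openssl version will not alter the response.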