SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Why Wait
Hello everybody,

I have ssl in cloudflare, but i have error in curl with tsl 1.0

aa1ebb90 23:45:42 SockConf: Host: TEST.MARGO.AZ Port: 443
aa1ebb90 23:45:42 SockConf: Connecting to 104.18.37.72 port 443 (timeout: -1)
aa1ebb90 23:45:42 SockConf: Connected from port 44766
aa1ebb90 23:45:42 OpenSSL : Sock: 64
aa1ebb90 23:45:42 OpenSSL : SSL Connect
aa1ebb90 23:45:42 OpenSSL : SSL_Connect: before/connect initialization
aa1ebb90 23:45:42 OpenSSL : SSL_Connect: SSLv3 write client hello A
aa1ebb90 23:45:42 OpenSSL : SSL3 alert read: fatal: handshake failure
aa1ebb90 23:45:42 OpenSSL : SSL_Connect:failed in error
aa1ebb90 23:45:42 OpenSSL : Connect RC: 0 Error: 1
aa1ebb90 23:45:42 OpenSSL : ERROR(Connect): error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Connects fine for me

$ openssl s_client -connect test.margo.az:443 -servername test.margo.az
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
   i:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
 1 s:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEuzCCBGGgAwIBAgIQChwkM9AODf+2MSLISGBLoTAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjAwNTI4MDAwMDAwWhcNMjEwNTI4
MTIwMDAwWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xHjAcBgNVBAMT
FXNuaS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BOkjLuriuXEhcrRXND+RMa+7lo0fnTjMyOh42acSR/Q3/YSMZTCA4I/rQKpw7Veg
6Ka4mQwD9VHcMx/gvrGR90ijggMEMIIDADAfBgNVHSMEGDAWgBSlzjfq67B1DpRn
iLRF+tkkEIeWHzAdBgNVHQ4EFgQUmauABMSCDIqqnBDaCBaflnGxo9wwNgYDVR0R
BC8wLYIIbWFyZ28uYXqCFXNuaS5jbG91ZGZsYXJlc3NsLmNvbYIKKi5tYXJnby5h
ejAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9DbG91
ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0
LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcmwwTAYDVR0gBEUwQzA3BglghkgB
hv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAIBgZngQwBAgIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRp
Z2ljZXJ0LmNvbS9DbG91ZGZsYXJlSW5jRUNDQ0EtMy5jcnQwDAYDVR0TAQH/BAIw
ADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2APZclC/RdzAiFFQYCDCUVo7jTRMZ
M7/fDC8gC8xO8WTjAAABclyLbMAAAAQDAEcwRQIhAJ1qom0gjyq0WN3fgrk0Dw+J
8ijnRxR4pjlOJam8+IYpAiAUcXCPQ8jZtrg+bY8RGV14UTjvMQyJDa4YvVnrBDN2
HAB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABclyLbN8AAAQD
AEcwRQIgPeOY2l4f5ABJ2qN+9J0QBEVYk+AEKDqgWngtl/zX764CIQCRwhVCJfTd
BRCIyPUe7hdCkIfdJE7LwGhlCPkztXT1HDAKBggqhkjOPQQDAgNIADBFAiAhdziG
tcro9bIXiOsVtKdcvRHKVHuMYx6ZOb0J31KcQAIhANDZj2uzAqXaqLm10+x6kp7/
9ZPvCK3LGMWH5mQ4h78e
-----END CERTIFICATE-----
subject=/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
issuer=/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2661 bytes and written 283 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
    Session-ID: 38384FE1F591E17FE07F59856CD9DD2213841867FA7DCB6D2B51996A46520AAE
    Session-ID-ctx:
    Master-Key: 6A46A7A764C1BE3C0BA3FBF3660C5A6FB3ECF7B8092F3B5B26AC518F948D203C29100A1096B818C4022C777605632990
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - 37 f1 db aa 69 8a 78 e5-6f c8 27 25 2b d2 62 7a   7...i.x.o.'%+.bz
    0010 - 1d eb d3 6b cf 65 ea b7-78 a8 67 74 36 e2 d4 b2   ...k.e..x.gt6...
    0020 - eb 2f ea 28 6a 31 a0 2b-c3 70 06 9b 9e 7e 6d c6   ./.(j1.+.p...~m.
    0030 - 28 51 1f 1b 3c 48 ea 21-b5 c2 58 ad 85 72 6a 32   (Q..<H.!..X..rj2
    0040 - 3c 87 87 43 47 43 53 31-cf 30 84 53 18 95 5c 43   <..CGCS1.0.S..\C
    0050 - f2 26 32 10 ea e7 b6 ca-b6 d8 5a f9 5f 8d 2c e7   .&2.......Z._.,.
    0060 - d5 87 70 57 93 ba 52 07-c0 b4 55 5a a6 df 72 85   ..pW..R...UZ..r.
    0070 - f4 c3 f7 01 76 bc 9b 33-9a 34 b4 0f be 57 d7 e4   ....v..3.4...W..
    0080 - 4b b6 a4 04 74 e2 d1 bd-1c d4 2d 07 4c 23 bb 2b   K...t.....-.L#.+
    0090 - 07 93 48 64 bb 7c 42 a8-2e 53 78 51 e3 52 82 d9   ..Hd.|B..SxQ.R..
    00a0 - ef ea d5 82 76 7a 27 e7-ab e2 97 64 8c cc 24 56   ....vz'....d..$V
    00b0 - 1c bb be 08 4f 95 d6 6d-04 7b 3d 41 87 5b 19 47   ....O..m.{=A.[.G

    Start Time: 1590692494
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed

Possibly an issue with your OpenSSL version. Try to update it, if that doesnt work they might have some ideas at https://mta.openssl.org/mailman/listinfo/openssl-users

This topic was automatically closed after 30 days. New replies are no longer allowed.