SSL Connection from local machine

Snog

OK, I've never seen this happen and it doesn't happen for 99.99% of the sites I've used.

On my local development server which is not exposed to the internet, there is a site where the site resets the SSL connection when I attempt to access it using cURL.

As I said, I can access all other sites via SSL using cURL, it's just the one site that resets the connection. And I've tried everything I can think of short of putting the development server on a public IP.

Any ideas if there's something I can do?
 
It really doesn't even need to be a cURL command. A simple file_get_contents results in the connection being reset by the peer.

Which again, works for every other site except that one. Which tends to tell me the problem is on their end, but I have nothing to give them so far as advice on how to fix it.
 
I think that's what he was telling you... try using curl in its verbose return mode. It should give you a better "list" of the error(s).
curl -v or curl --verbose
 
Here's the output from cURL from the command line...

Code:
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=www.thesite.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=www.thesite.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018
---
No client certificate CA names sent
---
SSL handshake has read 2970 bytes and written 502 bytes
Verification: OK
---
New, SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 412600003000A1E84A4D8FF6066A15B4388CD1532D2DEF4DCBECF9B250895636
    Session-ID-ctx:
    Master-Key: 4F6A5C49876FAEC6DBB198B7DC1B33CD7D90F4E7F50CCEFBD9F3B4751423126BBA1A65D34555E12CC4502E6E8F3D4FE7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1533307195
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
 
I don't see anything that might prevent the connection via cURL in PHP.

Unless the "No client certificate CA names sent" might do it.
 
Assume running latest CURL? And have you checked the other connections?
Compare the one that works to the one that doesn't.
Pretty sure this is the area you need to compare:
Code:
New, SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
 
Not the absolute latest (7.61.0) but fairly recent (what is distributed with Ubuntu 18.04) 7.58.0.
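
Added example (not part of the thread): a small Python helper for the comparison suggested above. It extracts the negotiated protocol, cipher, key size and ALPN from output in the layout posted in the thread (the `openssl s_client` summary format) and lists the fields that differ between a working and a failing host. `FAILING` repeats lines from the thread, `WORKING` is a constructed sample, and the function names are hypothetical.

```python
import re

# Fields of the `openssl s_client` summary worth comparing between two hosts.
FIELDS = {
    "protocol": re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M),
    "cipher": re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
    "alpn": re.compile(r"^(No ALPN negotiated|ALPN protocol: \S+)", re.M),
}
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def parse_summary(text):
    """Extract the negotiated parameters; a missing field becomes None."""
    found = {name: rx.search(text) for name, rx in FIELDS.items()}
    return {name: m.group(1) if m else None for name, m in found.items()}

def compare(good, bad):
    """Return {field: (good_value, bad_value)} for every field that differs."""
    g, b = parse_summary(good), parse_summary(bad)
    return {k: (g[k], b[k]) for k in FIELDS if g[k] != b[k]}

def flags(text):
    """Note deprecated protocol versions and ciphers without forward secrecy."""
    p = parse_summary(text)
    notes = []
    if p["protocol"] in LEGACY_PROTOCOLS:
        notes.append("legacy protocol " + p["protocol"])
    if p["cipher"] and not p["cipher"].startswith(("ECDHE", "DHE", "TLS_")):
        notes.append("no forward secrecy: " + p["cipher"])
    return notes

# Lines taken from the output posted in the thread (the failing host).
FAILING = """\
New, SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
No ALPN negotiated
    Protocol  : TLSv1
    Cipher    : AES128-SHA
"""
# Constructed sample standing in for a host that works.
WORKING = """\
Server public key is 2048 bit
ALPN protocol: h2
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    print(compare(WORKING, FAILING), flags(FAILING))
```
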
 