FS#60377 - Error during establishing SSL connection with any of *.archlinux.org behind corporate proxy
Attached to Project:
AUR web interface
Opened by Michal (Noname) - Wednesday, 10 October 2018, 18:57 GMT
Last edited by Morten Linderud (Foxboron) - Sunday, 27 February 2022, 01:29 GMT
Opened by Michal (Noname) - Wednesday, 10 October 2018, 18:57 GMT
Last edited by Morten Linderud (Foxboron) - Sunday, 27 February 2022, 01:29 GMT
|
Details
I'm connecting behind corporate MITM, I've got installed my
company CA certificate but when I attempt to perform:
`openssl s_client -showcerts -connect aur.archlinux.org:443`
i receive following output:
[code] CONNECTED(00000005) 139955453583872:error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback:ssl/statem/statem_lib.c:1929: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 85 bytes and written 326 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- [/code] Due to this error I'm not able to install some AUR packages. When I try to connect some other hosts for example: `s_client -showcerts -connect wikipedia.org:443` I'm able to establish connection. |
This task depends upon
Closed by Morten Linderud (Foxboron)
Sunday, 27 February 2022, 01:29 GMT
Reason for closing: No response
Sunday, 27 February 2022, 01:29 GMT
Reason for closing: No response
From what you have posted so far, it looks like your proxy can't handle any of these settings and then it's trying to fallback, but none of the ciphers it supports can be used.
Can you provide full log of openssl connect?