<div dir="ltr"><div>Thanks for the response Matt. The SSL 3 switch was one of many that were tried just for the sake of testing. I tried a few other switches, but am getting the same results.</div><div><br></div><div>I did a tcpdump of the attempted connection, and you can see that the initial connection is established, but the connection is immediately dropped after that.</div><div><br></div><div>We've been try to determine if this is an openssl issue (misconfiguration, incompatibility, or whatever), a wget issue, or a network issue somewhere along the path between the two servers. My support end had me try the "no-check-certificate" option to remove the certificate on my server from the equation.</div><div><br></div><div>It always fails after trying to initialize the SSL handshake</div><div><br></div><div><br></div><div>[root@hostname ~]# wget <a href="https://domain.name.com:8443">https://domain.name.com:8443</a> --debug<br>DEBUG output created by Wget 1.14 on linux-gnu.<br> <br>URI encoding = âUTF-8â<br>Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)<br>Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)<br>--2017-10-11 08:45:19-- <a href="https://domain.name.com:8443/">https://domain.name.com:8443/</a><br>Resolving <a href="http://domain.name.com">domain.name.com</a> (<a href="http://domain.name.com">domain.name.com</a>)... <ip.address><br>Caching <a href="http://domain.name.com">domain.name.com</a> => <ip.address><br>Connecting to <a href="http://domain.name.com">domain.name.com</a> (<a href="http://domain.name.com">domain.name.com</a>)|<ip.address>|:8443... connected.<br>Created socket 3.<br>Releasing 0x0000000002744320 (new refcount 1).<br>Initiating SSL handshake.<br>SSL handshake failed.<br>Closed fd 3<br>Unable to establish SSL connection.<br> <br> <br>wget <a href="https://domain.name.com:8443">https://domain.name.com:8443</a> --no-check-certificate --debug<br> <br>[root@hostname ~]# wget <a href="https://domain.name.com:8443">https://domain.name.com:8443</a> --no-check-certificate --debug<br>DEBUG output created by Wget 1.14 on linux-gnu.<br> <br>URI encoding = âUTF-8â<br>Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)<br>Converted file name 'index.html' (UTF-8) -> 'index.html' (UTF-8)<br>--2017-10-11 08:49:26-- <a href="https://domain.name.com:8443/">https://domain.name.com:8443/</a><br>Resolving <a href="http://domain.name.com">domain.name.com</a> (<a href="http://domain.name.com">domain.name.com</a>)... <ip.address><br>Caching <a href="http://domain.name.com">domain.name.com</a> => <ip.address><br>Connecting to <a href="http://domain.name.com">domain.name.com</a> (<a href="http://domain.name.com">domain.name.com</a>)|<ip.address>|:8443... connected.<br>Created socket 3.<br>Releasing 0x00000000017b0340 (new refcount 1).<br>Initiating SSL handshake.<br>SSL handshake failed.<br>Closed fd 3<br>Unable to establish SSL connection.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Oct 11, 2017 at 5:10 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
<br>
On 11/10/17 03:57, Paul Greene wrote:<br>
> [root@hostname ~]# wget <a href="https://domain.name.com:8443" target="_blank" rel="noreferrer">https://domain.name.com:8443</a><br>
> --secure-protocol=SSLv3 --debug<br>
> DEBUG output created by Wget 1.14 on linux-gnu.<br>
<br>
</span>The "--secure-protocol=SSLv3" bit looks suspect. According to the wget<br>
man page this forces only SSLv3 to be negotiated. If the server doesn't<br>
support it (which is common) then you're out of luck. SSLv3 is very old,<br>
insecure and generally should not be used. Setting "--secure-protocol"<br>
to "auto" (the default) would be a better choice.<br>
<span class="HOEnZb"><font color="#888888"><br>
Matt<br>
<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" target="_blank" rel="noreferrer">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div>