OpenSSL errno=104

Danilo Singh danilosingh at hotmail.com
Fri Aug 26 03:59:02 UTC 2022 

Hello, we have a problem with a .NET application running on a Linux server, possibly caused by incorrect TLS settings on the server we are making requests to.
We made several attempts to configure OpenSSL on our server and none were able to connect to the destination server address.
The URL we are trying to connect to is notacarioca.rio.gov.br.
When trying to run an openssl s_client -connect, we get error 104, with the following return:

openssl s_client -connect notacarioca.rio.gov.br:443

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 334 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

When executing an nmap at the address we have the following result

 nmap --script ssl-enum-ciphers -p 443 notacarioca.rio.gov.br
Starting Nmap 7.70 ( https://nmap.org ) at 2022-08-26 00:44 -03
Nmap scan report for notacarioca.rio.gov.br (187.111.98.122)
Host is up (0.15s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 7.11 seconds

Currently the OpenSSL configuration on our server looks like this. We tried several ways, but none worked. As we have little experience with OpenSSL we don't know what is wrong.​

CipherString = DEFAULT at SECLEVEL=0
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384
MinProtocol = TLSv1.0
MaxProtocol = TLSv1.3
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1

An observation is that our application running in Windows environment works. We were able to access the URL normally.
Can someone please help us to solve this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220826/fed318e7/attachment.htm>

More information about the openssl-users mailing list