I'm trying to test some web services provided by a b2 on the DVM (9.1.201404.160205) before uploading to our staging environment, but I keep getting these SSL errors even with --insecure (-k):
$ curl https://localhost:9877 -k -v
* Rebuilt URL to: https://localhost:9877/
* Trying ::1...
* connect to ::1 port 9877 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9877 (#0)
* Unknown SSL protocol error in connection to localhost:-9850
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to localhost:-9850
I know that the cert is self-signed (and expired) -- but I thought that --insecure would cause that to be dropped. I've been playing with different switches to force various SSL/TLS versions and ciphers (Stack Overflow had some advice that this error is related to an odd protocol/cipher combo on the server side), but alas I haven't hit the combo yet.
testssl.sh had this to report:
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
SSLv2 not offered (OK)
SSLv3 offered (NOT ok)
TLS 1 offered
TLS 1.1 offered
TLS 1.2 not offered (NOT ok)
SPDY/NPN not offered
--> Testing ~standard cipher lists
Null Ciphers not offered (OK)
Anonymous NULL Ciphers not offered (OK)
Anonymous DH Ciphers not offered (OK)
40 Bit encryption Local problem: No 40 Bit encryption configured in /usr/local/opt/openssl/bin/openssl
56 Bit encryption Local problem: No 56 Bit encryption configured in /usr/local/opt/openssl/bin/openssl
Export Ciphers (general) Local problem: No Export Ciphers (general) configured in /usr/local/opt/openssl/bin/openssl
Low (<=64 Bit) Local problem: No Low (<=64 Bit) configured in /usr/local/opt/openssl/bin/openssl
DES Ciphers Local problem: No DES Ciphers configured in /usr/local/opt/openssl/bin/openssl
Medium grade encryption offered (NOT ok)
Triple DES Ciphers not offered (OK)
High grade encryption not offered (NOT ok)
--> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
Not OK: No ciphers supporting Forward Secrecy offered
--> Testing server preferences
Has server cipher order? nope (NOT ok)
Negotiated protocol Handshake error!TLSv1.2
Negotiated cipher 0000, 768 bit DH (limited sense as client will pick)
Negotiated cipher per proto (limited sense as client will pick)
Local problem: /usr/local/opt/openssl/bin/openssl doesn't support "s_client -ssl2"
No further cipher order check has been done as order is determined by the client
--> Testing server defaults (Server Hello)
Strange, no SSL/TLS protocol seems to be supported (error around line 1803)
Does anyone know of a way to get it working?
Or maybe another thing to ask is - am I the only one who's having a problem? Does curl work for other folks against the DVM?
Note: this is a somewhat academic question, as I can successfully test against the DVM in a browser window via https://ws_user:ws_pass@localhost:9877/webapps/