Menu
community/AW_Blog: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure in magento blog aheadwork instalation
448
A TLS/SSL handshake failure occurs when a client and server cannot establish communication using the TLS/SSL protocol. When this error occurs in Apigee Edge, the client application receives an HTTP status 503 with the message Service Unavailable.
The SSL Handshake Error occurs if the read access has not been granted to the OS, thus preventing the web server from completing authentication. It indicates that the browser's connection to the web server isn't secure.
It seems that Magento finally got around to Poodle fixes and disabled SSLV3 on Magento Connect. But in a left-hand, right-hand disconnect type thing, forgot that the downloader/ software they provide has SSLV3 issues in some curl requests it uses and didn't provide a patch.
downloader/lib/Mage/HTTP/Client/Curl.php is the affected file and a curl request needs to be modified to request TLS. The lines look something like this:
$this->curlOption(CURLOPT_URL, $uri);
$this->curlOption(CURLOPT_SSL_VERIFYPEER, FALSE);
$this->curlOption(CURLOPT_SSL_VERIFYHOST, 2);
Add your own curl option for TLSV1 as follows:
$this->curlOption(CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
Note that this isn't in app/core or lib, but over in downloader/lib
129
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
