LWP::UserAgent and 500 SSL negotiation failed

Question

I'm running an old Debian server that once a day fetches a webpage through a Perl script. Since yesterday, the script fails with a "500 SSL negotiation failed" error.

use strict;
use LWP::UserAgent;

my $browserObj = LWP::UserAgent->new();

$response = $browserObj->get( "https://www.domain.tld" );
print $response->status_line . "\n" if( ! $response->is_success );

Like I said, it's an old server running old versions of everything:

• Perl: 5.8.8
• OpenSSL: 0.9.8c
• LWP: 5.805
• Crypt::SSLeay: 0.57

I made a snapshot of the server so I could try all kinds of solutions and return to the snapshot if it fails. Which is exactly what I did after each test, return to the original server state.

Test 1: First thing I tried was updating OpenSSL to 1.0.2d. That did not help, I still got the "SSL negotiation failed" error. I then updated Crypt:SSLeay. That broke SSL altogether (caused the server to be unable to connect to any secure server).

Test 2: Updated Crypt::SSLeay without updating OpenSSL. Caused the server to unable to connect to secure servers again.

Test 3: Updated OpenSSL to 1.0.2d. Updated LWP. Made no difference. Still got "500 SSL negotiation failed"

Is there anything else I could try?

PS: For several reasons I'm unable to update Debian itself.

Answer 1

I got it to work for Perl. As I suspected, each program on the server that uses SSL needs to be patched seperately. But this was the solution for Perl:

1) Update OpenSSL (to version 1.0.2d)

This is a necessary step for every program that uses SSL! On my Debian system, I used the instructions found here.

2) Update Net::SSLeay

This was necessary otherwise step 4) would fail.

$ cpan Net::SSLeay

3) Update Getopt::Long

Again, this step was necessary otherwise step 4) would fail.

$ cpan Getopt::Long

4) Update Crypt::SSLeay

Note that this will also update LWP.

$ cpan Crypt::SSLeay