Secure Connection Failed

Support for security such as Firewalls and securing linux
fiedzia
Posts: 8
Joined: 2018/08/16 06:43:31

Secure Connection Failed

Post by fiedzia » 2018/09/13 12:39:59

I have a freshly installed CentOS 7 server and secure connection issues on it.

>dotnet restore
throws errors:
Restoring packages for /home/admin/Konsole/test/test.csproj...
/usr/share/dotnet/sdk/2.1.401/NuGet.targets(114,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json...
/usr/share/dotnet/sdk/2.1.401/NuGet.targets(114,5): error : The SSL connection could not be established, see inner exception...
/usr/share/dotnet/sdk/2.1.401/NuGet.targets(114,5): error : Unable to read data from the transport connection: Connection reset by peer...
/usr/share/dotnet/sdk/2.1.401/NuGet.targets(114,5): error : Connection reset by peer...

>nuget update -self
Checking for updates from https://www.nuget.org/api/v2/.
Error: SecureChannelFailure (The authentication or decryption has failed.)

I can run
>firefox https://support.mozilla.org/en-US/kb/ge ... n-features
but
>firefox https://stackoverflow.com/questions/493 ... t-core-1-0
shows on screen:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites

The problems do not exist in SLES12. So it is, maybe, not an infrastructure problem.
I assume all the issues are due to my CentOS 7 configuration.

PS
/etc/selinux/config
SELINUX=disabled

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Secure Connection Failed

Post by TrevorH » 2018/09/13 16:51:19

Use curl to fetch the web page and see what errors it tells you about.

fiedzia
Posts: 8
Joined: 2018/08/16 06:43:31

Re: Secure Connection Failed

Post by fiedzia » 2018/09/14 05:58:31

>curl -1 https://support.mozilla.org/en-US/get-s ... n-features -v >mozilla.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to support.mozilla.org port 443 (#0)
* Trying 52.25.43.230...
* Connected to support.mozilla.org (52.25.43.230) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=support.mozilla.org
* start date: Jul 31 00:00:00 2018 GMT
* expire date: Aug 31 12:00:00 2019 GMT
* common name: support.mozilla.org
* issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US
> GET /en-US/get-started-firefox-overview-main-features HTTP/1.1
> User-Agent: curl/7.29.0
> Host: support.mozilla.org
> Accept: */*
>
< HTTP/1.1 404 NOT FOUND
< Content-Type: text/html; charset=utf-8
< Date: Fri, 14 Sep 2018 05:44:42 GMT
< Server: meinheld/0.6.1
< strict-transport-security: max-age=31536000
< Vary: X-Mobile, User-Agent
< X-Backend-Server: sumo-prod-web-b64f67765-sdpvp.oregon-b.moz.works
< x-content-type-options: nosniff
< X-Frame-Options: DENY
< X-Robots-Tag: noodp
< x-xss-protection: 1; mode=block
< transfer-encoding: chunked
< Connection: keep-alive
<
{ [data not shown]
100 9929 0 9929 0 0 9559 0 --:--:-- 0:00:01 --:--:-- 9565
* Connection #0 to host support.mozilla.org left intact


>curl -1 https://stackoverflow.com/questions/493 ... t-core-1-0 -v
* About to connect() to stackoverflow.com port 443 (#0)
* Trying 151.101.65.69...
* Connected to stackoverflow.com (151.101.65.69) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

>curl -2 https://stackoverflow.com/questions/493 ... t-core-1-0 -v
* About to connect() to stackoverflow.com port 443 (#0)
* Trying 151.101.129.69...
* Connected to stackoverflow.com (151.101.129.69) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12168 (SSL_ERROR_INVALID_VERSION_RANGE)
* SSL version range is not valid.
* Closing connection 0
curl: (35) SSL version range is not valid.

>curl -3 https://stackoverflow.com/questions/493 ... t-core-1-0 -v
* About to connect() to stackoverflow.com port 443 (#0)
* Trying 151.101.1.69...
* Connected to stackoverflow.com (151.101.1.69) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Secure Connection Failed

Post by avij » 2018/09/14 06:02:23

Maybe you should not use those -1, -2 and -3 parameters but let curl negotiate the best protocol by itself.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Secure Connection Failed

Post by avij » 2018/09/14 06:36:29

That said, those "connection reset by peer" error messages sound like there's something wrong with your network, and that problem is likely somewhere else than in CentOS.

fiedzia
Posts: 8
Joined: 2018/08/16 06:43:31

Re: Secure Connection Failed

Post by fiedzia » 2018/09/14 10:58:20

avij wrote:
2018/09/14 06:36:29
That said, those "connection reset by peer" error messages sound like there's something wrong with your network, and that problem is likely somewhere else than in CentOS.
Thank you. You are right. The administrator arranged the firewall. It works now.

I was misled by
>firefox https://support.mozilla.org/en-US/kb/ge ... n-features
and
>firefox https://stackoverflow.com/questions/493 ... t-core-1-0
behaving differently.
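
Added example, not part of the original thread: a small shell function that sorts the curl -v transcripts posted above by the stage at which the connection stopped, which separates the reset that pointed at the firewall from the errors caused by forcing -2 and -3. The function name, the verdict labels and the sample_* helpers are assumptions made for this illustration; the sample lines are excerpts of the output in the posts.

```shell
#!/bin/sh
# Added example: classify an NSS-backed `curl -v` transcript (stdin) by the
# stage at which the HTTPS connection stopped.
classify_curl_tls() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -Eq -- "$1"; }

    if has 'SSL connection using '; then
        echo handshake_ok                    # TLS negotiated; any later error is HTTP-level
    elif has 'SSL_ERROR_INVALID_VERSION_RANGE'; then
        echo local_version_option_rejected   # NSS refused the forced version locally
    elif has 'SSL_ERROR_NO_CYPHER_OVERLAP'; then
        echo no_common_cipher                # no shared suite (seen here with -3 forcing SSLv3)
    elif has 'PR_CONNECT_RESET_ERROR|reset by peer'; then
        if has 'Connected to '; then
            echo reset_during_tls_handshake  # TCP to 443 worked, then RST: check the path
        else
            echo reset_without_tcp_connect
        fi
    else
        echo unknown
    fi
}

# Sample transcripts: excerpts of the output posted in this thread.
sample_ok() { cat <<'EOF'
* Connected to support.mozilla.org (52.25.43.230) port 443 (#0)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
< HTTP/1.1 404 NOT FOUND
EOF
}
sample_reset() { cat <<'EOF'
* Connected to stackoverflow.com (151.101.65.69) port 443 (#0)
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
EOF
}
sample_v2() { cat <<'EOF'
* Connected to stackoverflow.com (151.101.129.69) port 443 (#0)
* NSS error -12168 (SSL_ERROR_INVALID_VERSION_RANGE)
EOF
}
sample_v3() { cat <<'EOF'
* Connected to stackoverflow.com (151.101.1.69) port 443 (#0)
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
EOF
}

for s in sample_ok sample_reset sample_v2 sample_v3; do
    printf '%-13s %s\n' "$s" "$("$s" | classify_curl_tls)"
done
```

Only the run without a forced protocol version says anything about the network: a reset after "Connected to" and before "SSL connection using" means TCP to port 443 was allowed and the connection was cut during the TLS handshake.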
