[bug-notifications] [wget 0005068]: Problems negotiating SSL with updates.oracle.com

Mantis Bug Tracker noreply at opencsw.org
Fri Jun 7 22:39:16 CEST 2013

A NOTE has been added to this issue. 
Reported By:                beezly
Assigned To:                dam
Project:                    wget
Issue ID:                   5068
Category:                   regular use
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Date Submitted:             2013-04-19 11:58 CEST
Last Modified:              2013-06-07 22:39 CEST
Summary:                    Problems negotiating SSL with updates.oracle.com
with wget 1.14 I am experiencing problems connecting to updates.oracle.com
(as PCA does when it pulls down the patchdiag.xref file).

If I do;

/opt/csw/bin/wget -d --progress=dot:binary
--ca-certificate=/opt/csw/bin/pca -O /var/tmp/patchdiag.xref

I get;

Setting --progress (progress) to dot:binary
Setting --ca-certificate (cacertificate) to /opt/csw/bin/pca
Setting --output-document (outputdocument) to /var/tmp/patchdiag.xref
DEBUG output created by Wget 1.14 on solaris2.10.

URI encoding = 'ISO8859-1'
--2013-04-19 10:54:03-- 
Resolving getupdates.oracle.com (getupdates.oracle.com)...
Caching getupdates.oracle.com =>
Connecting to getupdates.oracle.com
(getupdates.oracle.com)||:443... connected.
Created socket 5.
Releasing 0x000e8a18 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
Closed fd 5
Unable to establish SSL connection.

The same works if I use /usr/sfw/bin/wget instead (1.12 on this system). 
Relationships       ID      Summary
has duplicate       0005076 Unable to establish SSL connection

 (0010422) yann (developer) - 2013-06-07 22:39
Finally a real answer from Oracle after a long time, I put it below.
Opencsw is mentioned in the documentation about wget.

I will give them the exact workaround if they want to add it.


Hi Yann,

Website admin team will plan to upgrade the webserver s/w during their next
meeting so it can support TLS1.2. At this time, TLS1.2 is not supported.

https://getupdates.oracle.com web server does not fully support TLS 1.2
Only OpenSSL versions from branch 1.0.0 will work - Oracle Solaris does not
deliver higher versions at this time.
Customers who are trying to access the URL using latest wget/OpenSSL (ie.
from www.opencsw.org) version with TLS 1.2 support may get connection

The same is documented, please refer below oracle doc..

Patch download automation for Sun products using wget [ID 1199543.1]

I will close this case on 10th-june unless you need further clarification
on this 


More information about the bug-notifications mailing list