[bug-notifications] [wget 0005068]: Problems negotiating SSL with updates.oracle.com
Mantis Bug Tracker
noreply at opencsw.org
Fri Jun 7 22:39:16 CEST 2013
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5068
======================================================================
Reported By: beezly
Assigned To: dam
======================================================================
Project: wget
Issue ID: 5068
Category: regular use
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2013-04-19 11:58 CEST
Last Modified: 2013-06-07 22:39 CEST
======================================================================
Summary: Problems negotiating SSL with updates.oracle.com
Description:
with wget 1.14 I am experiencing problems connecting to updates.oracle.com
(as PCA does when it pulls down the patchdiag.xref file).
If I do;
/opt/csw/bin/wget -d --progress=dot:binary
--ca-certificate=/opt/csw/bin/pca -O /var/tmp/patchdiag.xref
"https://getupdates.oracle.com/reports/patchdiag.xref"
I get;
Setting --progress (progress) to dot:binary
Setting --ca-certificate (cacertificate) to /opt/csw/bin/pca
Setting --output-document (outputdocument) to /var/tmp/patchdiag.xref
DEBUG output created by Wget 1.14 on solaris2.10.
URI encoding = 'ISO8859-1'
--2013-04-19 10:54:03--
https://getupdates.oracle.com/reports/patchdiag.xref
Resolving getupdates.oracle.com (getupdates.oracle.com)... 141.146.44.51
Caching getupdates.oracle.com => 141.146.44.51
Connecting to getupdates.oracle.com
(getupdates.oracle.com)|141.146.44.51|:443... connected.
Created socket 5.
Releasing 0x000e8a18 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
Closed fd 5
Unable to establish SSL connection.
The same works if I use /usr/sfw/bin/wget instead (1.12 on this system).
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
has duplicate 0005076 Unable to establish SSL connection
======================================================================
----------------------------------------------------------------------
(0010422) yann (developer) - 2013-06-07 22:39
https://www.opencsw.org/mantis/view.php?id=5068#c10422
----------------------------------------------------------------------
Finally a real answer from Oracle after a long time, I put it below.
Opencsw is mentioned in the documentation about wget.
I will give them the exact workaround if they want to add it.
--------------------------------------------------------------------
Hi Yann,
Website admin team will plan to upgrade the webserver s/w during their next
meeting so it can support TLS1.2. At this time, TLS1.2 is not supported.
https://getupdates.oracle.com web server does not fully support TLS 1.2
Only OpenSSL versions from branch 1.0.0 will work - Oracle Solaris does not
deliver higher versions at this time.
Customers who are trying to access the URL using latest wget/OpenSSL (ie.
from www.opencsw.org) version with TLS 1.2 support may get connection
failures.
The same is documented, please refer below oracle doc..
Patch download automation for Sun products using wget [ID 1199543.1]
I will close this case on 10th-june unless you need further clarification
on this
Thanks
Murugan
More information about the bug-notifications
mailing list