Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter microberto

    (@microberto)

    As an FYI, here’s my nginx SSL setup on this one:

        # Shared TLS session cache and session lifetime
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH RSA+AESGCM RSA+AES !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS';

        # Use the server's cipher order rather than the client's
        ssl_prefer_server_ciphers on;

    Got that from somewhere on GitHub as a quality secure version.

    Plugin Author Daniel Hüsken

    (@danielhuesken)

    You can try this plugin, which disables SSL checking for local connections WordPress-wide: http://marketpress.com/wp-content/uploads/2014/03/backwpup-disable-local-ssl-verify.zip

    Thread Starter microberto

    (@microberto)

    Hi Daniel, thanks for the help a bit ago.

    I installed and activated that plugin, but still get this error:

    The HTTP response test get an error "error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error"

    I tried restarting PHP and nginx to see if that’d help.

    Something else going on here?

    The setup remains the same – Nginx server + CloudFlare FULL SSL. The certificate on the nginx server is self-signed, which is permissible by CloudFlare. The ciphers remain the same as above.

    Thanks a ton!

    I know this is an old thread, but it’s currently one of the first search results for the SSL23_GET_SERVER_HELLO error message.

    For the benefit of others who stumble on this in the future, I had the same problem. It’s caused because Cloudflare tries to force servers to a high level of security that’s not supported by your webhost for outgoing connections. Specifically, outgoing connections from your server don’t support TLS 1.1 and 1.2.

    Normally, updating CURL and OpenSSL will fix the problem. Specifically, CURL 7.39 or later, and OpenSSL 1.0.1c or later will support TLSv1.1 and TLSv1.2.
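
Added example, not part of the original thread: a check of a `curl --version` banner against the two minimums quoted in the reply above. It assumes PHP's curl extension links the same libcurl as the command-line tool; the sample banner and the function names are constructed for illustration.

```python
import re
import sys

# Minimums quoted in the reply above (the poster's figures, not verified here).
MIN_CURL = (7, 39, 0)
MIN_OPENSSL = (1, 0, 1, "c")

# Constructed sample banner; 7.22 is the curl version the thread reports for Ubuntu 12.04.
SAMPLE_OLD = ("curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 "
              "OpenSSL/1.0.1 zlib/1.2.3.4\nProtocols: http https\n")


def parse_banner(banner):
    """Return (libcurl, OpenSSL) version tuples from the first banner line."""
    lines = banner.strip().splitlines()
    first = lines[0] if lines else ""
    curl = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", first)
    ossl = re.search(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)", first)
    curl_v = tuple(int(x) for x in curl.groups()) if curl else None
    # The letter suffix (1.0.1c) is a patch level, so it is kept for comparison.
    ossl_v = (int(ossl[1]), int(ossl[2]), int(ossl[3]), ossl[4]) if ossl else None
    return curl_v, ossl_v


def check(banner):
    """Return a list of findings; an empty list means both minimums are met."""
    curl_v, ossl_v = parse_banner(banner)
    findings = []
    if curl_v is None:
        findings.append("libcurl version not found in banner")
    elif curl_v < MIN_CURL:
        findings.append("libcurl %d.%d.%d is older than 7.39" % curl_v)
    if ossl_v is None:
        findings.append("OpenSSL version not found (curl may use another TLS library)")
    elif ossl_v < MIN_OPENSSL:
        findings.append("OpenSSL %d.%d.%d%s is older than 1.0.1c" % ossl_v)
    return findings


if __name__ == "__main__":
    # Pipe in `curl --version` (assumed to reflect the libcurl PHP uses),
    # or run with no input to see the constructed sample.
    text = SAMPLE_OLD if sys.stdin.isatty() else sys.stdin.read()
    for line in check(text) or ["both minimums from the thread are met"]:
        print(line)
```

To check a real server, pipe the output of `curl --version` into the script on standard input.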

    Thread Starter microberto

    (@microberto)

    Wow, thank you so much!

    What’s frustrating is that with Ubuntu 12.04 LTS, the versions of CURL are stuck at 7.22. Can’t even find a trustworthy repository with 7.39+ right now.

    If I can’t get a backport, may need to update this server at some point. I don’t like installing things from source because I’d forget about it and not check for security updates.

    Thanks again!

  • The topic ‘Cannot Start Job with CloudFlare Free SSL and Self-Signed Certificate’ is closed to new replies.