MetadataProvider SSL errors

Gahring, David A gahringd at palmbeachstate.edu
Tue Jul 10 17:10:08 EDT 2018 

Greetings!

Found it!

Adding the following to the MetadataProvider section resolved the issue.

<TransportOption provider="CURL" option="10083">AES256-SHA</TransportOption>

Apparently SLES 11 has a pretty archaic version of OpenSSL, so you have to force something other than ECDH.

Thanks!

______________________________________
David A. Gahring
Systems Consultant - IT Department
Palm Beach State College
4200 Congress Avenue
Lake Worth, FL 33461
Work: 561.868.3320
Cell: 904.742-5407
Email: gahringd at palmbeachstate.edu
[/Users/gahringd/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_971632444]


From: users <users-bounces at shibboleth.net> on behalf of "Gahring, David A" <gahringd at palmbeachstate.edu>
Reply-To: Shib Users <users at shibboleth.net>
Date: Tuesday, July 10, 2018 at 4:21 PM
To: Shib Users <users at shibboleth.net>
Subject: MetadataProvider SSL errors

Greetings,

We are running the Shibboleth SP v2.6 on a SLES 11 SP 4 server, and I’m trying to get remote metadata out of ADFS.  We also have Shib2 running on a Win/IIS platform, and that is working fine.  The error appears to be related to the ciphers (?) being used by libcurl to negotiate a secure connection.  I’ve tried a number of things from cipher options to TransportOption settings with no joy.

Any ideas or observations would be appreciated.  Here is the error I’m seeing in our shibd.log file after startup.

2018-07-10 16:07:21 INFO Shibboleth.Application : building MetadataProvider of type XML...
2018-07-10 16:07:21 ERROR XMLTooling.libcurl.InputStream : error while fetching https://not.my.real.hostname/federationmetadata/2007-06/federationmetadata.xml: (35) error:1408D13A:SSL routines:SSL3_GET_KEY_EXCHANGE:unable to find ecdh parameters
2018-07-10 16:07:21 ERROR XMLTooling.ParserPool : fatal error on line 0, column 0, message: internal error in NetAccessor

Thanks for any help in pointing me in the right direction.. ☺
______________________________________
David A. Gahring
Systems Consultant - IT Department
Palm Beach State College
4200 Congress Avenue
Lake Worth, FL 33461
Work: 561.868.3320
Cell: 904.742-5407
Email: gahringd at palmbeachstate.edu
[/Users/gahringd/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1615585564]


________________________________

Please note: Due to Florida’s broad open records law, most written communication to or from College employees is public record, available to the public and the media upon request. Therefore, this e-mail communication may be subject to public disclosure.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180710/7c47b504/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 22023 bytes
Desc: image001.png
URL: <http://shibboleth.net/pipermail/users/attachments/20180710/7c47b504/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 22024 bytes
Desc: image002.png
URL: <http://shibboleth.net/pipermail/users/attachments/20180710/7c47b504/attachment-0001.png>

More information about the users mailing list