New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto update over HTTPS can fail #7576
Comments
Thanks for opening the report, Matt. Yes, there are two issues:
There's something set on it that our openssl lib doesn't like. It's at this stage: The handshake with builds.piwik.org goes like this: Note, AFAIK this is not a setting that makes your server more secure. Compare your server with www.qualys.com with their SSL test at https://www.ssllabs.com/ssltest/ Your server gets a B (mine do as well, but my servers are secured against CRIME, yours' are not) while Qualys gets a A-. (I removed the "" Markdown as it wrapped all lines in one, how can I make whole paragraphs to show as code?) |
@bolera I'm interested to know whether this is showing as an error in the download screen, or if it's a fatal error and you see the "Piwik error" screen. Could you post a screenshot of the error page? As @mattab said the main concern here is that the screen offering you to update over HTTP didn't show, which leaves you to manual update only. Also from what I gathered from the forum post you tried setting up Curl certificates but this doesn't change anything right?
Have a look here, I can't put the characters in my answer directly because they get interpreted :) |
I've created a separate ticket regarding Curl certificates: #7580 |
Thanks. I tested the patch and it works to display the https and the http option. And I patched the new updater file ... Look at the differences (I removed the asterisks as the Markdown interprets them wrongly):
So, seems to me that builds.piwik.org should enforce TLS connections, but instead either doesn't reply or replies with a "no". |
@bolera sorry the issue was closed by my commit message but maybe those problems with the SSL setup need to be fixed on the server too. I'll reopen the issue. |
Another thread with users reporting issues: http://forum.piwik.org/read.php?2,125605 |
definitely, it's a different issue |
I just wanted to add that if you disable SSLv3 with the -1 param works:
SSLv3 is disabled on that server. |
In this forum post there are a few users who report an issue with auto-updating failing because it now uses HTTPS (from #6441). The error these users get is:
curl_exec: Unknown SSL protocol error in connection to builds.piwik.org:443 . Hostname requested was: builds.piwik.org
Configurations affected so far:
Tasks:
The text was updated successfully, but these errors were encountered: