:::: MENU ::::

Monthly Archives / June 2016

  • Jun 09 / 2016
  • 0
Linux, Python

openssl/pyOpenSSL – “SSL23_GET_SERVER_HELLO:tlsv1 alert internal error”

You’re getting this annoying error message again and again when trying to fetch certificate and/or establish a connection to your website using openssl:

139647967614624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:769:

This issue is well known in several openssl versions, and a bug has been addressed for Ubuntu repositories:

For now, there’s a simple workaround that works to quickly fix it!

For openssl

If you’re facing it while using openssl directly, you can fix it by specifying the servername on command-line:

openssl s_client -connect www.mywebsite.com:443 -servername www.mywebsite.com

For pyOpenSSL

If you’re having this issue while using pyOpenSSL (python wrapper for OpenSSL), it can also be fixed with a quick workaround by adding the option set_tlsext_host_name() to specify the server name in your “Connection” object.
You will get something like this:

import socket
from OpenSSL import SSL

hostname = 'www.mywebsite.com'
ctx = SSL.Context(SSL.TLSv1_METHOD)
sock = socket.socket()
ssl_sock = SSL.Connection(ctx, sock)
ssl_sock.connect((hostname, 443))
cert = ssl_sock.get_peer_certificate()
print cert.get_subject().commonName

  • Jun 02 / 2016
  • 0

Configure VLan interface (with alias)

If you want to isolate multiple networks, you can use VLAN (Virtual LAN). On most of the switches, you can configure VLAN to handle tagged packets and be able to send them to a specific port by isolating it. A VLAN is assigned a specific id that can be any number between 1 and 4096.

Most of the Linux distributions can handle tagged packets and VLAN usage, but this feature is not mandatory enabled by default. For the example, I’ll present here how you can enable and configure VLAN on Ubuntu Server 14.04.

First, you need to install the vlan package:

apt-get install vlan

Temporary configuration

Then, you should load the 8021q module into the kernel (guessing you’re using a recent and not customized kernel):

modprobe 8021q

As it’s not possible to create a VLAN on virtual interface, you will have to use physical interface and alias to make it work. You can create additional interface with:

vconfig add eth0 100

Then, you can assign an address to this interface:

ip addr add dev eth0.100

And finally make the interface up:

ip link set up eth0.100

Permanent configuration

You have to load the module automatically and permanently:

echo "8021q" >> /etc/modules

Finally, set the configuration in /etc/network/interfaces in order to make it loaded on startup:

auto eth0.100
iface eth0.100 inet static
        vlan-raw-device eth0

Question ? Contact