Since I upgraded from OpenBSD 7.1 to 7.2 (amd64) I'm no longer able to
use IO::Socket::SSL perl library to connect to some devices (Mikrotik
routers, via their API).
This is the only debug info I was able to obtain:
DEBUG: .../IO/Socket/SSL.pm:842: local error: SSL connect attempt failed
error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake
failure
DEBUG: .../IO/Socket/SSL.pm:845: fatal SSL error: SSL connect attempt
failed error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert
handshake failure
DEBUG: ...nbsd/IO/Socket.pm:48: ignoring less severe local error
'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed
error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake
failure'
Since I cannot change the SSL protocol used by the Mikrotik devices, I
suspect that the only solution is to set the SSL "security_level" to 0
in my perl script.
Unfortunately it seems that both perl functions
Net::SSLeay::set_security_level() and
Net::SSLeay::CTX_set_security_level() don't work. I get the following
error. Maybe they are not implemented in our version of Net::SSLeay perl
library?
Can't locate auto/Net/SSLeay/set_securit.al in @INC (@INC contains:
/usr/local/libdata/perl5/site_perl/amd64-openbsd
/usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd
/usr/libdata/perl5) at
/usr/local/libdata/perl5/site_perl/IO/Socket/SSL.pm line 741.
So, as an extreme solution I tried to set the SECLEVEL=0 at a global
level in the server, following the instructions I found here, but it
didn't worked either:
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
Anybody is able to give me any hint?
Thanks.
