Please help me debug the SSL issue using WWW::Mechanize (or LWP::UserAgent, for that matter)

I use WWW::Mechanize to upload a catalog from our product provider to our database. I run this script every 2 hours every day and it ends in 12 minutes using about 50 simultaneous threads.

Everything worked perfectly until this weekend. They sent their website offline for scheduled maintenance, and after they are back online again, my script no longer works. After analyzing the situation, this will lead to the following code failure:

    use strict;
    use warnings;
    use WWW::Mechanize;

    my $mec = WWW::Mechanize->new;

    $mec->get('https://www.imstores.com/Ingrammicromx/login/login.aspx');

    print $mec->content;

The code dies (after about 60 seconds) with the following message:

 Error GETing https://www.imstores.com/Ingrammicromx/login/login.aspx: Can't connect to www.imstores.com:443 at test.pl line 7. 

Now these are the moments that make it difficult to find the problem:

  • This is not network related - if I visit the same URL from any of my browsers, I get a page.

  • If I try to use the same code on a remote computer that contains an exact copy of my Perl installation, it works.

  • If I use Net::SSL before WWW::Mechanize, it takes a lot of time, but finally gets the page.

  • If I try any other SSL page, for example https://www.paypal.com, it works very quickly.

  • It worked until the scheduled maintenance.

I'm not sure what else to try. If I switch to a version other than SSL, it works, but I do not want to do this, because we automate the purchase operations.

Along with many things that crossed my mind, thinking about why it works on a remote machine, and why I can open a page in my browsers in local mode:

Can I block my SSL public key? Is it possible? If so, what public key does LWP/Mechanize use for SSL sessions and how can I use another?

Some data about my current setup:

Thanks in advance for the helpful comment.

+4
1 answer

Here is the actual cause of the problem: To connect to this server, you need to use SSLv3 or TLS1 instead of TLS1.2. This is probably why this worked when you first used Net::SSL; I believe that it tries to use different ciphers in a way that WWW::Mechanize does not.

Here is how I found it:

I tried to connect to several servers, and found that those that worked had an older version of SSL. Then I checked the difference between which ciphers are used in versions, and tried to connect to different ciphers.

When I connect to TLS1.2, I get:

    $ openssl s_client -connect www.imstores.com:443 -tls1_2
    CONNECTED(00000003)
    write:errno=54
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 322 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

But when I connect to SSLv3 or TLS1, I get:

    $ openssl s_client -connect www.imstores.com:443 -tls1
    CONNECTED(00000003)
    depth=0 /serialNumber=O3gPUAuGGROuHEhlyLaeJfj7SOn6tFTx/C=US/O=www.imstores.com/OU=GT29846307/OU=See www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=www.imstores.com
    verify error:num=20:unable to get local issuer certificate
    [...and so on, including server certificate...]

How to make WWW::Mechanize use TLS1 or SSLv3 remains as an exercise for the student.

+9
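
The per-version comparison used in the answer can be scripted. The following is an added example, not part of the original question or answer: it classifies `openssl s_client` transcripts and, when given a host name, repeats the probe for each protocol flag. The function names and the embedded sample transcripts are constructed for illustration, abridged in the style of the output quoted above.

```shell
#!/bin/sh
# Classify one `openssl s_client` transcript read from stdin.
# Prints one of: rejected | accepted-unverified | accepted | unknown
classify_handshake() {
    awk '
        /Cipher is \(NONE\)/ || /no peer certificate available/ { rejected = 1 }
        /^depth=[0-9]+ /                 { cert = 1 }
        /^-----BEGIN CERTIFICATE-----/   { cert = 1 }
        /^verify error:/                 { unverified = 1 }
        END {
            if (rejected)        print "rejected"
            else if (!cert)      print "unknown"
            else if (unverified) print "accepted-unverified"
            else                 print "accepted"
        }'
}

# Constructed sample transcripts (abridged), so the script runs offline.
sample_tls12() { cat <<'EOF'
CONNECTED(00000003)
write:errno=54
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 322 bytes
---
New, (NONE), Cipher is (NONE)
EOF
}
sample_tls1() { cat <<'EOF'
CONNECTED(00000003)
depth=0 /C=US/O=host.example/CN=host.example
verify error:num=20:unable to get local issuer certificate
EOF
}

# Probe a host once per protocol flag (needs network and a local openssl).
probe_versions() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        result=$(openssl s_client -connect "$1:443" "$flag" </dev/null 2>&1 | classify_handshake)
        printf '%-8s %s\n' "$flag" "$result"
    done
}

if [ "$#" -gt 0 ]; then
    probe_versions "$1"
else
    printf 'sample -tls1_2: %s\n' "$(sample_tls12 | classify_handshake)"
    printf 'sample -tls1:   %s\n' "$(sample_tls1 | classify_handshake)"
fi
```

A `rejected` result for one flag next to an accepted result for another points at a protocol-version mismatch rather than a network or certificate problem; `verify error:num=20` only means the local CA store could not build the chain.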