2

I access several websites for various reasons using Perl LWP. It has been working great for years until I upgraded my server from Ubuntu 18.04 to 20.04 recently, and then LWP stopped working for one particular website. It seems that is a very old server that uses old security settings. I wish they would update their site but I doubt they will. I was eventually able to get everything working again by globally downgrading the security of my entire server by updating my /etc/ssl/openssl.conf thusly:

[ default_conf ]
 ssl_conf = ssl_sect
 
[ ssl_sect ] 
 system_default = system_default_sect
 
[system_default_sect]
 CipherString = DEFAULT:@SECLEVEL=1

I can't find a way to set the CipherString for a particular LWP connection. Does anybody have any ideas?

James B
  • 51
  • 4
  • You can use env variable OPENSSL_CONF instead of changing your global .conf file – clamp May 08 '21 at 14:02
  • In short: use `SSL_cipher_list` with `ssl_opts`. See linked questions for examples. – Steffen Ullrich May 08 '21 at 14:06
  • 1
    Thanks, the linked answers were helpful but I was still having problems. You have to really dig hard to know what ciphers SSL versions can be tried, much less which ciphers and versions the server might accept. Long story short I asked someone more knowledgeable than me about it, and they gave me the answer: $UA->ssl_opts(SSL_version => 'TLSv1', SSL_cipher_list => 'DEFAULT:@SECLEVEL=1'); So much love to folks that know more than other folks and are willing to share. – James B May 09 '21 at 20:43

0 Answers0