SSL Client Protocols

Which SSL protocols to allow for client HTTPS/SSL connections when walking or performing results authorization, i.e. for connections from Webinator to remote https:// URLs. The default is to leave SSLv2 and SSLv3 disabled, as these are known to be vulnerable to attacks. Enabling SSLv3, if necessary, may also require a cipher change; see note under SSL Client Ciphers (here).

Sometimes a walker's connection fails at (or soon after) the SSL negotiation, possibly with the error message "Missing HTTP response line in reply from ...". This may be due to settings on the remote server that disallow certain SSL protocols - yet those protocols were enabled under SSL Client Protocols (e.g. for legacy reasons). In such cases, disabling various SSL protocols may enable the connection to succeed.

Note that support for some (e.g. vulnerable) protocols may end in some Webinator versions, depending on the concurrent OpenSSL libs' support: e.g. SSLv2 is no longer supported in OpenSSL 1.1.0 and later.

Copyright © Thunderstone Software     Last updated: Oct 5 2023
Copyright © 2024 Thunderstone Software LLC. All rights reserved.