WordPress EDD SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
by bernt & torsten
This article is about an error that I experienced on my WordPress site while setting up Easy Digital Download with software licensing.
I wrote additional code for my WP Plugin, as recommended by Easy Digital Download regarding software licensing, on how to add a license key to my plugin and how to activate the license key.
When I was doing testing to activate the plugin key, I got a curl error – curl: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Setup Environment
A bit about my development setup: I do all my development on a MacBook, and I use MAMP for the localhost server setup.
The issue
The issue I got when testing license activation was a curl error – curl: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
The problem is related to an SSL Handshake error that occurs when the OpenSSL version on the server of the site requesting the update is outdated and does not support the SSL Protocols that the store delivering the update requires.
There are two ways to set this up to resolve this issue.
The ideal solution is to have the site requesting the update verify that their OpenSSL software is up to date for their platform. OpenSSL is server software that facilitates communication over the HTTPS protocol. If this is not a possible solution, you can work with your hosting provider or server administrator to configure your web server to accept these outdated SSL versions, but this is not ideal as it allows less secure connections to your server.
Alternatives
There are a few other things that you should also check – it may not be the SSL; it could be one or several of the following.
curl Version
First, check your curl version – curl -V – then check if you can curl the server that manages the licenses. You can also use the EDD Software Licensing API.
Check if EDD is properly installed and configured
You can also check if your software licensing site is correctly configured:
http://YOURSITE.com/?edd_action=activate_license&item_name=EDD+Product+Name&license=cc22c1ec86304b36883440e2e84cddff&url=http://licensedsite.com
SSL Support
Next, check your SSL support. The server where I run the licensing software is set up with Ubuntu. I read that some sites disable support for SSL 3.0 (possibly because of many exploits/vulnerabilities), so it's possible to force a specific SSL version with either -2/--sslv2 or -3/--sslv3. Also, -L is worth a try if the requested page has moved to a different location. The problem could also be a curl bug (found in OpenSSL), in which case curl needs to be upgraded to the latest version (>7.40). In my case, that was not the issue.
See also:
- 3 Common Causes of Unknown SSL Protocol Errors with cURL
- [Bug 861137] Re: Openssl TLS errors while connecting to SSLv3 sites
MacBook Issue
If you are running your localhost on a MacBook, check your version – starting with Mavericks, Apple switched the TLS/SSL engine from OpenSSL to their own Secure Transport engine in the Apple-distributed cURL binary, which breaks client certificate usage. Use the cURL binary from Homebrew:
- brew install curl
- brew link curl --force
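The checks from the curl Version, SSL Support and MacBook Issue sections can all be run against the first line of `curl -V`. The script below is an added example, not code from the original post or from EDD; the function names, finding labels and sample lines are constructed, and the 1.0.1 threshold is the OpenSSL release that introduced TLS 1.1/1.2 support.

```shell
#!/bin/sh
# Added example: triage the first line of `curl -V` for the causes discussed above.

# ver_lt A B: succeeds when dotted version A is lower than B.
# Letter suffixes (the "zh" in 0.9.8zh) are ignored.
ver_lt() {
  va=$(printf '%s' "$1" | tr -cd '0-9.')
  vb=$(printf '%s' "$2" | tr -cd '0-9.')
  for i in 1 2 3; do
    x=$(printf '%s\n' "$va" | cut -d. -f"$i"); x=${x:-0}
    y=$(printf '%s\n' "$vb" | cut -d. -f"$i"); y=${y:-0}
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
  done
  return 1
}

# audit_curl_line LINE: prints space-separated findings, or OK.
audit_curl_line() {
  curl_ver=$(printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
  ossl_ver=$(printf '%s\n' "$1" | sed -n 's/.* OpenSSL\/\([0-9][0-9a-z.]*\).*/\1/p')
  out=""
  # The post says curl should be newer than 7.40.
  if [ -n "$curl_ver" ] && ! ver_lt 7.40.0 "$curl_ver"; then
    out="$out CURL_OLD"
  fi
  # Apple's own build uses Secure Transport (see "MacBook Issue").
  case $1 in *SecureTransport*) out="$out SECURE_TRANSPORT" ;; esac
  # OpenSSL before 1.0.1 has no TLS 1.1/1.2, so the handshake fails
  # against a server that requires those protocols.
  if [ -n "$ossl_ver" ] && ver_lt "$ossl_ver" 1.0.1; then
    out="$out OPENSSL_NO_TLS12"
  fi
  out=${out:- OK}
  printf '%s\n' "${out# }"
}

# Constructed sample lines; real use: audit_curl_line "$(curl -V | head -n 1)"
SAMPLE_MAC='curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5'
SAMPLE_OLD='curl 7.19.7 (i386-apple-darwin10) libcurl/7.19.7 OpenSSL/0.9.8zh zlib/1.2.3'
SAMPLE_NEW='curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11'

# Print the findings for each sample.
for s in "$SAMPLE_MAC" "$SAMPLE_OLD" "$SAMPLE_NEW"; do
  printf '%s\n  -> %s\n' "$s" "$(audit_curl_line "$s")"
done
```

PHP under MAMP links its own libcurl and OpenSSL, which can differ from the command-line curl, so the same line should also be checked for the PHP build that WordPress actually runs on.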
SSL Connect Error with CloudFlare
SSL connect error when using CloudFlare – This specific error with Software Licensing delivering updates is usually seen when using Cloudflare’s Flexible SSL option. This option causes a chain issue with some cURL versions that exist on the client-server requesting the update.
There are a couple of ways to fix this from the server side (without having to request the client to update their cURL version). The first is to upgrade to a paid Cloudflare SSL.
The paid tier SSL Certificates from Cloudflare typically do not pose this problem. The other solution is to purchase an SSL Certificate from a 3rd party and install it directly on your server.
CloudFlare Integration
CloudFlare Integration – If you are using CloudFlare as a CDN, Caching Layer, or SSL provider, we recommend you configure CloudFlare to bypass the cache for all URLs that contain the following string:
/edd-sl
This is the API endpoint for checking the license status and delivering update packages. If these endpoint URLs are cached it can cause issues with properly delivering updates to your customers.
Conclusion
I used CloudFlare, so the solution for me was to go with buying a Cloudflare certificate, and I also added a page rule for not caching the EDD software licensing page.
I hope this will help you if you have similar problems. If you have questions or comments, you can add them below.