CLAMAV SSL Download Error - UK Only SSL Cert Expired

Bugs in eFa 4
Post Reply
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by sharktech »

ERROR: Download failed (35) ERROR: Message: SSL connect error
ERROR: getpatch: Can't download daily-25959.cdiff from https://database.clamav.net/daily-25959.cdiff
ERROR: Download failed (35) ERROR: Message: SSL connect error
ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
ERROR: Update failed for database: daily
ERROR: Database update process failed: Connection failed (5)
ERROR: Update failed.

Originally posted in V3 as i forgot i upgraded :lol: Morning (UK) getting the above in an email constantly, i can download the files manually without issue. can i upload them and update manually?

Thanks
Last edited by sharktech on 07 Dec 2020 12:44, edited 1 time in total.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error

Post by shawniverson »

When you say you can download them manually, do you mean on the eFa itself?
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error

Post by sharktech »

Hi Shawn

No via a web browser from the same external IP. desperate to get this sorted :)

Thanks
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error

Post by shawniverson »

Please try this on the eFa and capture the error output

Code: Select all

curl https://database.clamav.net/daily.cvd > daily.cvd
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error

Post by sharktech »

> curl https://database.clamav.net/daily.cvd > daily.cvd
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) TCP connection reset by peer

i tried a wget aswell and got the below

> wget https://database.clamav.net/daily.cvd
--2020-12-07 10:35:17-- https://database.clamav.net/daily.cvd
Resolving database.clamav.net (database.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:db54, ...
Connecting to database.clamav.net (database.clamav.net)|104.16.219.84|:443... connected.
Unable to establish SSL connection
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error

Post by shawniverson »

Try the following and gather the output:

Code: Select all

openssl s_client -connect database.clamav.net:443

Code: Select all

openssl s_client -connect database.clamav.net:443 -servername clamav.net -showcerts | openssl x509 -text -noout
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error

Post by sharktech »

i can see expiry errors.

Code: Select all

CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 CN = ssl392509.cloudflaressl.com
verify error:num=10:certificate has expired
notAfter=Oct 13 23:59:59 2020 GMT
verify return:1
depth=0 CN = ssl392509.cloudflaressl.com
notAfter=Oct 13 23:59:59 2020 GMT
verify return:1
---
Certificate chain
 0 s:/CN=ssl392509.cloudflaressl.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEmzCCBEGgAwIBAgIRAOcoTtfhKesE35V4auTNitAwCgYIKoZIzj0EAwIwgZIx
CzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNV
BAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTgwNgYDVQQD
Ey9DT01PRE8gRUNDIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Eg
MjAeFw0yMDA0MDYwMDAwMDBaFw0yMDEwMTMyMzU5NTlaMCYxJDAiBgNVBAMTG3Nz
bDM5MjUwOS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABAyyPeGgNUZ7DDCVxmIXXbGgBHEn9dcwS/r62+xfIMNY3BLMsmIx8R5emY/d
Q/T5GkUX46iIMTC98b6HvFrW8PKjggLhMIIC3TAfBgNVHSMEGDAWgBRACWFn8LyD
cU/eEggsb9TUK3Y9ljAdBgNVHQ4EFgQUDoWzRdCBadCYXWWDSWAscEtJd3IwDgYD
VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcC
ARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMFYGA1UdHwRPME0w
S6BJoEeGRWh0dHA6Ly9jcmwuY29tb2RvY2E0LmNvbS9DT01PRE9FQ0NEb21haW5W
YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EyLmNybDCBiAYIKwYBBQUHAQEEfDB6MFEG
CCsGAQUFBzAChkVodHRwOi8vY3J0LmNvbW9kb2NhNC5jb20vQ09NT0RPRUNDRG9t
YWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBMi5jcnQwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLmNvbW9kb2NhNC5jb20wggEGBgorBgEEAdZ5AgQCBIH3BIH0APIA
dwAHt1wb5X1o//Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXFQ1cDIAAAEAwBI
MEYCIQDsyk8sC5RyWGy8IEVyXG590W983+AnanXpC1TGZ7EOEgIhALJwTlB6+UnK
l0AhSyIXuPLsWGLnKHuq4umzaKEg9wVWAHcA5xLysDd+GmL7jskMYYTx6ns3y1Yd
ESZb8+DzS/JBVG4AAAFxUNXA+AAABAMASDBGAiEAm1MAO8N/IX73iGxj/bNjOlfN
5zQ3dGpnsWrZ41hKCp8CIQDcDNswJ13Zo87rokRpJmZIWl35jciE7AvhN/k9eMMW
LTAmBgNVHREEHzAdghtzc2wzOTI1MDkuY2xvdWRmbGFyZXNzbC5jb20wCgYIKoZI
zj0EAwIDSAAwRQIgcBkVX8OhulA2c9hAHUvhkJlUjRjVF2RGkx3ZkrM9GB8CIQDu
aTsI5rVaMQu1JV08ZWPTf21EJCis6L+HAmcTKZPt5g==
-----END CERTIFICATE-----
subject=/CN=ssl392509.cloudflaressl.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3584 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: A82D02788B2974CA264718DB1298F7A4A0A1CB1CEB0E9A164FF730D5E2C90855
    Session-ID-ctx:
    Master-Key: D9A9167B5971F43634C3B819DB5B6C60B3CB7CDB65C2C5B0631F120B4615572C044E499181B26D77316BB240B9C3D78A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - dd 32 37 29 01 e5 df d4-c1 87 d7 77 f5 5e 5e b0   .27).......w.^^.
    0010 - c8 dd ea 4d 42 03 37 d7-92 d9 34 fa 21 8e ab 03   ...MB.7...4.!...
    0020 - 02 c5 25 f6 44 6a 03 7f-77 24 5d cf 11 86 0e df   ..%.Dj..w$].....
    0030 - d5 c5 a8 27 33 b1 23 d4-6f 33 71 5e bc 76 72 97   ...'3.#.o3q^.vr.
    0040 - 54 6d 89 de 92 e0 9f 4b-79 d0 e1 f9 f1 dd 79 cc   Tm.....Ky.....y.
    0050 - e8 6f d1 13 50 70 2c 00-fa 6f ad 56 60 58 74 5e   .o..Pp,..o.V`Xt^
    0060 - 31 66 47 0b 5a 50 b4 af-ab 98 d2 4e 76 af 3b 2f   1fG.ZP.....Nv.;/
    0070 - 8e 7e ee db cf c2 c5 fa-8f 1c 08 c4 d1 73 18 1c   .~...........s..
    0080 - 91 02 eb f3 53 e0 38 1d-5f 9e 4b 36 7d c9 6e de   ....S.8._.K6}.n.
    0090 - 6b db a9 76 2c 73 07 4e-a1 1e ce a8 3c cd 8e 7f   k..v,s.N....<...
    00a0 - c4 09 b9 12 f1 48 ae 1c-99 b7 e0 21 7d 44 13 6f   .....H.....!}D.o

    Start Time: 1607340042
    Timeout   : 300 (sec)
    Verify return code: 10 (certificate has expired)
---
closed

depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Domain Validation Secure Server CA 2
verify return:1
depth=0 CN = ssl392509.cloudflaressl.com
verify error:num=10:certificate has expired
notAfter=Oct 13 23:59:59 2020 GMT
verify return:1
depth=0 CN = ssl392509.cloudflaressl.com
notAfter=Oct 13 23:59:59 2020 GMT
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e7:28:4e:d7:e1:29:eb:04:df:95:78:6a:e4:cd:8a:d0
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
        Validity
            Not Before: Apr  6 00:00:00 2020 GMT
            Not After : Oct 13 23:59:59 2020 GMT
        Subject: CN=ssl392509.cloudflaressl.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:0c:b2:3d:e1:a0:35:46:7b:0c:30:95:c6:62:17:
                    5d:b1:a0:04:71:27:f5:d7:30:4b:fa:fa:db:ec:5f:
                    20:c3:58:dc:12:cc:b2:62:31:f1:1e:5e:99:8f:dd:
                    43:f4:f9:1a:45:17:e3:a8:88:31:30:bd:f1:be:87:
                    bc:5a:d6:f0:f2
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96

            X509v3 Subject Key Identifier:
                0E:85:B3:45:D0:81:69:D0:98:5D:65:83:49:60:2C:70:4B:49:77:72
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt
                OCSP - URI:http://ocsp.comodoca4.com

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 07:B7:5C:1B:E5:7D:68:FF:F1:B0:C6:1D:23:15:C7:BA:
                                E6:57:7C:57:94:B7:6A:EE:BC:61:3A:1A:69:D3:A2:1C
                    Timestamp : Apr  6 18:51:58.024 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:EC:CA:4F:2C:0B:94:72:58:6C:BC:20:
                                45:72:5C:6E:7D:D1:6F:7C:DF:E0:27:6A:75:E9:0B:54:
                                C6:67:B1:0E:12:02:21:00:B2:70:4E:50:7A:F9:49:CA:
                                97:40:21:4B:22:17:B8:F2:EC:58:62:E7:28:7B:AA:E2:
                                E9:B3:68:A1:20:F7:05:56
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : E7:12:F2:B0:37:7E:1A:62:FB:8E:C9:0C:61:84:F1:EA:
                                7B:37:CB:56:1D:11:26:5B:F3:E0:F3:4B:F2:41:54:6E
                    Timestamp : Apr  6 18:51:58.072 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:9B:53:00:3B:C3:7F:21:7E:F7:88:6C:
                                63:FD:B3:63:3A:57:CD:E7:34:37:74:6A:67:B1:6A:D9:
                                E3:58:4A:0A:9F:02:21:00:DC:0C:DB:30:27:5D:D9:A3:
                                CE:EB:A2:44:69:26:66:48:5A:5D:F9:8D:C8:84:EC:0B:
                                E1:37:F9:3D:78:C3:16:2D
            X509v3 Subject Alternative Name:
                DNS:ssl392509.cloudflaressl.com
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:70:19:15:5f:c3:a1:ba:50:36:73:d8:40:1d:4b:
         e1:90:99:54:8d:18:d5:17:64:46:93:1d:d9:92:b3:3d:18:1f:
         02:21:00:ee:69:3b:08:e6:b5:5a:31:0b:b5:25:5d:3c:65:63:
         d3:7f:6d:44:24:28:ac:e8:bf:87:02:67:13:29:93:ed:e6
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error

Post by shawniverson »

That is very strange, the cert is expired at ssl392509.cloudflaressl.com from your location. You may need to reach out to clamav and have them fix that certificate in your region.
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error

Post by sharktech »

Yep, that was the first thing i checked. Can I manually update it?

Thanks
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error

Post by shawniverson »

I'm not sure if it will help but you can try to update your ca-certificate store

Code: Select all

sudo yum update ca-certificates
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error

Post by sharktech »

no updates available :( I've contacted thm, just waiting back now

Thanks for the help
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by sharktech »

Shawn

just tried those commands on another linux box and they connected to a different server and got a valid response

Code: Select all

CONNECTED(00000005)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEvDCCBGGgAwIBAgIQCkhU7/VKlQpQR3DIXbQs/jAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjAwODE1MDAwMDAwWhcNMjEwODE1
MTIwMDAwWjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xGTAXBgNVBAoTEENsb3VkZmxhcmUsIEluYy4xHjAcBgNVBAMT
FXNuaS5jbG91ZGZsYXJlc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
BDrM9wO2bRjNuGRMDUrwxKbEpMj4/l3+VLAKPXiC1+hKNdvtuoiNaoIS3iBRG8d4
nQGp3iGYt9+y4kNk9UA83n6jggMEMIIDADAfBgNVHSMEGDAWgBSlzjfq67B1DpRn
iLRF+tkkEIeWHzAdBgNVHQ4EFgQUnmpz363D64waz3wvjDWBBFDtObEwNQYDVR0R
BC4wLIIVc25pLmNsb3VkZmxhcmVzc2wuY29tghNkYXRhYmFzZS5jbGFtYXYubmV0
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
ewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Nsb3Vk
ZmxhcmVJbmNFQ0NDQS0zLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQu
Y29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v
Y3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGln
aWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0NDQS0zLmNydDAMBgNVHRMBAf8EAjAA
MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkz
v98MLyALzE7xZOMAAAFz8OSKrgAABAMARzBFAiAFYULkIN/FEkNpBmeEcuPq2tXU
LQuAYLLivC8zsAhmKQIhAOjAiMi4gK3wwUPoAlYD5nTR+E2brAXd197FzDJqDtos
AHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFz8OSK1wAABAMA
SDBGAiEAvBn/2lLLoWUnHb+84VpKcWsl+uimb/b4qq5h5cVEcysCIQC+4WW+gtUw
tqlF47TgFsFiUWM6Qk/72PGmcdQHl3/EhzAKBggqhkjOPQQDAgNJADBGAiEAt21x
sXmnmSQ6FgDnejZEE2hxlishzBgY8PPB5ZYG8IwCIQC1oy7QmfpZeotTyGYcbIIz
WsATAgkzxkZ8X79z/vnGlw==
-----END CERTIFICATE-----
subject=C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com

issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2507 bytes and written 401 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: BD4F01B0B6316EC3AA66749B7870CF52BF9EB323F6364E04E5713E22760D0C90
    Session-ID-ctx:
    Resumption PSK: 3D1113CCDDEDE5B991C4E8641521BE9BF7B41F25C0EF8F9EE6CFA8B28D1BB1CF96E4B6DD4D4F715BE5F8586051FD9127
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - c7 f7 d6 69 df 50 48 09-44 4a 11 b5 22 38 26 ca   ...i.PH.DJ.."8&.
    0010 - df 3f c6 b7 71 d0 4d bd-72 f9 43 3b 70 36 e2 6c   .?..q.M.r.C;p6.l
    0020 - 37 8f d8 d7 fb 58 ff df-b9 7c d9 9d 65 f9 38 90   7....X...|..e.8.
    0030 - 02 a6 9a ab b3 20 27 3d-88 61 77 71 d3 af 8b 6e   ..... '=.awq...n
    0040 - f6 bf 9b c6 86 60 1e f1-5e d1 ce 59 d2 0a 9a 2e   .....`..^..Y....
    0050 - 97 59 cd e9 1e f4 7e 5a-eb 44 f9 4f 9b 6d 03 fb   .Y....~Z.D.O.m..
    0060 - d4 09 d0 c3 5d 0b 4d 43-af cb 3c 6d 07 6d 5a 0a   ....].MC..<m.mZ.
    0070 - 4a d9 b8 bb 1d 3f f3 bf-3b 0c 1a 44 45 bc 06 c1   J....?..;..DE...
    0080 - c4 84 cb f6 1a 24 a4 80-fc f6 3f 28 2b 1a 53 af   .....$....?(+.S.
    0090 - 53 b2 a7 60 99 c1 d7 e6-c9 9d ec 75 e2 d3 bc 4b   S..`.......u...K
    00a0 - c3 21 d2 16 fa a6 7c 3c-50 c7 70 3b 5f 0f 5a 52   .!....|<P.p;_.ZR
    00b0 - 9b da 5d 42 e8 d3 05 84-75 f3 4b a8 f2 a1 42 e5   ..]B....u.K...B.

    Start Time: 1607348590
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 360F77A325177BCCB9EF57C47067BA4B037941794956EFFF4614D0D98339C442
    Session-ID-ctx:
    Resumption PSK: FA3180386A2E57524109ACAFA920222FD5A94664F3542D33648C4629C9905CC92996507CACF6C0A349823B601B3A3C25
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    0000 - c7 f7 d6 69 df 50 48 09-44 4a 11 b5 22 38 26 ca   ...i.PH.DJ.."8&.
    0010 - 28 86 81 0e bb a9 66 b0-c1 36 14 9a 0d 63 31 fb   (.....f..6...c1.
    0020 - e1 ac b1 ba 10 10 b4 60-81 a5 61 98 f4 ed 90 29   .......`..a....)
    0030 - 23 29 5a b1 dd 8a d4 d5-57 2c 95 6d 48 50 f5 6c   #)Z.....W,.mHP.l
    0040 - e2 e2 d2 31 6a 5f 62 2f-bd 07 bb 68 bf 48 52 be   ...1j_b/...h.HR.
    0050 - 1c 50 0c 44 d3 6b 07 ae-59 b9 08 29 77 8e 64 57   .P.D.k..Y..)w.dW
    0060 - 7f cc ac 82 47 36 f8 1e-bc 44 5b 64 47 e7 87 50   ....G6...D[dG..P
    0070 - 95 28 fe ff 94 ec 01 2b-26 88 c1 6f b2 eb c2 cc   .(.....+&..o....
    0080 - 56 36 af 25 9c b4 07 23-52 4a 89 05 2a ba 9a e6   V6.%...#RJ..*...
    0090 - f1 11 f6 37 c0 bf 7f 39-60 43 c3 c7 3b 65 da c6   ...7...9`C..;e..
    00a0 - b7 8a 49 da 8b f0 8f 16-64 ac bb b7 1d df 91 2f   ..I.....d....../
    00b0 - 3c f9 69 46 90 ed 77 a6-5a 8c c9 15 22 3a 9c 72   <.iF..w.Z...":.r

    Start Time: 1607348590
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by sharktech »

Hi Shawn

Did you look into more after my last reply?

TIA
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by shawniverson »

I am wondering if there is a difference in the dns between the two servers you tested.
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by sharktech »

Hi Shawn

No difference at all, i'm spooling up a fresh install to test.

Thanks
sharktech
Posts: 89
Joined: 14 Jan 2014 14:23

Re: CLAMAV SSL Download Error - UK Only SSL Cert Expired

Post by sharktech »

Hi Shawn

installed a fresh Centos8 server and still the same, just done a Centos7 install and it works lol

Thanks
Post Reply