Hello, we have a problem with a .NET application running on a Linux server, possibly caused by incorrect TLS settings on the server we are making requests to. We made several attempts to configure OpenSSL on our server and none were able to connect to the destination server address. The URL we are trying to connect to is notacarioca.rio.gov.br. When trying to run an openssl s_client -connect, we get error 104, with the following return:
    openssl s_client -connect notacarioca.rio.gov.br:443
    CONNECTED(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 334 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)

When executing an nmap at the address we have the following result:

    nmap --script ssl-enum-ciphers -p 443 notacarioca.rio.gov.br
    Starting Nmap 7.70 ( https://nmap.org ) at 2022-08-26 00:44 -03
    Nmap scan report for notacarioca.rio.gov.br (187.111.98.122)
    Host is up (0.15s latency).

    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-enum-ciphers:
    |   TLSv1.2:
    |     ciphers:
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    |     compressors:
    |       NULL
    |     cipher preference: server
    |_  least strength: A

    Nmap done: 1 IP address (1 host up) scanned in 7.11 seconds

Currently the OpenSSL configuration on our server looks like this. We tried several ways, but none worked. As we have little experience with OpenSSL we don't know what is wrong.

    CipherString = DEFAULT@SECLEVEL=0
    Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384
    MinProtocol = TLSv1.0
    MaxProtocol = TLSv1.3
    SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1

An observation is that our application running in Windows environment works. We were able to access the URL normally.
Can someone please help us to solve this problem?
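
An offline helper for narrowing this down, added here as an example and not part of the original post: it splits the posted Ciphersuites value into TLSv1.3 suite names (what that OpenSSL option lists) and the rest, and prints one TLS 1.2 `s_client` test per cipher nmap reported, using OpenSSL's own names for them. The function names are hypothetical; the host and cipher names are the ones in the post.

```sh
# Added example. Host and cipher names come from the post; function names are hypothetical.
# Constructed samples: the cipher lines of the nmap output and the posted Ciphersuites value.
NMAP_SAMPLE='|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A'
CONF_SAMPLE='TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_GCM_SHA384'

# IANA name (as nmap prints it) -> OpenSSL name (as -cipher and CipherString take it).
iana_to_openssl() {
  case "$1" in
    TLS_RSA_WITH_AES_256_GCM_SHA384) echo AES256-GCM-SHA384 ;;
    TLS_RSA_WITH_AES_128_GCM_SHA256) echo AES128-GCM-SHA256 ;;
    TLS_RSA_WITH_AES_256_CBC_SHA256) echo AES256-SHA256 ;;
    TLS_RSA_WITH_AES_128_CBC_SHA256) echo AES128-SHA256 ;;
    *) return 1 ;;
  esac
}

# filter_suites tls13|other VALUE: split a Ciphersuites value into TLSv1.3 suite
# names and everything else (names that belong to older protocol versions).
filter_suites() {
  out=
  for s in $(printf '%s' "$2" | tr ':' ' '); do
    case "$s" in
      TLS_AES_128_GCM_SHA256|TLS_AES_256_GCM_SHA384|TLS_CHACHA20_POLY1305_SHA256|TLS_AES_128_CCM_SHA256|TLS_AES_128_CCM_8_SHA256) kind=tls13 ;;
      *) kind=other ;;
    esac
    if [ "$kind" = "$1" ]; then out="${out:+$out:}$s"; fi
  done
  printf '%s\n' "$out"
}

# probe_commands HOST PORT < nmap-output: one TLS 1.2 s_client test per offered cipher.
probe_commands() {
  grep -oE 'TLS_[A-Z0-9_]+' | awk '!seen[$0]++' | while read -r iana; do
    if name=$(iana_to_openssl "$iana"); then
      echo "openssl s_client -connect $1:$2 -servername $1 -tls1_2 -cipher $name </dev/null"
    else
      echo "# no OpenSSL name known here for $iana"
    fi
  done
}

echo "TLSv1.3 suites in Ciphersuites: $(filter_suites tls13 "$CONF_SAMPLE")"
echo "Not TLSv1.3 suite names:        $(filter_suites other "$CONF_SAMPLE")"
printf '%s\n' "$NMAP_SAMPLE" | probe_commands notacarioca.rio.gov.br 443
```

Running the printed commands one at a time from the Linux host shows whether the reset also happens when a single cipher from the server's list is offered over TLS 1.2 only.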