Happy new year to everbody!
I'm running PCA as a proxy on a RHEL6 machine, Apparently, since early
December and an update to 6.5, it fails connecting to
getupdates.oracle.com (through a web proxy) with a message saying:
Unable to establish SSL connection.
Yeah, you had reported this problem already back in May 2013, and I had
added the temporary fix for the CSW version of wget back then. The root
cause was (and is) a problem with Oracle's web server:
https://www.opencsw.org/mantis/view.php?id=5068
Oracle's web admin team planned to upgrade the web server to support
clients with recent versions of OpenSSL, but it seems as if this never
happened. They put a note into Support Document 1199543.1, which is
still there:
IMPORTANT:
https://getupdates.oracle.com web server does not fully support TLS
1.2. Only OpenSSL versions from branch 1.0.0 will work - Oracle
Solaris does not deliver higher versions at this time.
Customers who are trying to access the URL using latest wget/OpenSSL
(ie. from www.opencsw.org) version with TLS 1.2 support may get
connection failures.
I'd say, just always add the parameter. It works with /usr/sfw/bin/wget
(in a recently patched S10 at least) as well as with wget on RHEL >= 5.
Did exactly that in the current development release of PCA now. It seems
as if the --secure-protocol option is supported in all relevant versions
of wget, so this should do no harm.
Thanks for the report!
Martin.
