Environment
SUSE SMT server on SLES 11 SP3
Situation
When trying to mirror repositories on a SUSE SLES 11 SP3 or SP4 server, an error is displayed:
500 CURL ERROR(35) SSL connect error
Resolution
There are two options:
1. Upgrade SUSE SLES to version 12
2. Deploy the MFSMT (Micro Focus SMT) server that runs in OES2018 SP2. This is the recommended solution from Micro Focus.
Cause
Micro Focus certificates have been renewed and security has been tightened. Micro Focus servers now only allow connections using TLSv1.2 and above.
SMT 11 is based on SLES 11 SP3 or SP4, which uses openssl 0.9.8. That version doesn't support TLS 1.1 correctly, hence the error.
MF-SMT is based on SLES 12, which uses openssl 1.0.0 and hence has support for TLS 1.2 and newer.
Additional Information
The smt-mirror log shows:
2021-04-09 10:48:55 SMT::Mirror::Job - [error] E 'https://nu.novell.com/repo/$RCE/Filr-4-Updates/sle-12-x86_64/repodata/repomd.xml': 500 CURL ERROR(35) SSL connect error
curl -v --trace - https://nu.novell.com/repo/$RCE/Filr-4-Updates/sle-12-x86_64/repodata/repomd.xml shows:
== Info: successfully set certificate verify locations:
== Info: CAfile: none
CApath: /etc/ssl/certs/
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 135 bytes (0x87)
0000: 01 00 00 83 03 01 60 70 1f 5d d6 f9 ce 04 e3 c4 ......`p.]......
0010: ea 49 76 27 b1 36 09 40 bb 07 f0 ff 08 30 ac 8f .Iv'.6.@.....0..
0020: f6 36 b7 d1 1c 03 00 00 44 c0 14 c0 13 c0 12 c0 .6......D.......
0030: 11 c0 0f c0 0e c0 0d c0 0c c0 0a c0 09 c0 08 c0 ................
0040: 07 c0 05 c0 04 c0 03 c0 02 00 88 00 87 00 84 00 ................
0050: 45 00 44 00 41 00 39 00 38 00 35 00 33 00 32 00 E.D.A.9.8.5.3.2.
0060: 2f 00 16 00 13 00 0a 00 05 00 04 00 ff 01 00 00 /...............
0070: 16 00 00 00 12 00 10 00 00 0d 6e 75 2e 6e 6f 76 ..........nu.nov
0080: 65 6c 6c 2e 63 6f 6d ell.com
== Info: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
== Info: Closing connection #0
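
Decoding the Client hello bytes from the trace above shows which protocol version the SMT 11 client offered, and why a server that requires TLSv1.2 answers with the protocol version alert. This is an added example, not part of the original article; the names parse_client_hello, u and SERVER_MINIMUM are assumptions made for the illustration.

```python
# Handshake bytes copied from the curl trace on this page (135 bytes, no record header).
CLIENT_HELLO = bytes.fromhex("".join("""
01 00 00 83 03 01 60 70 1f 5d d6 f9 ce 04 e3 c4
ea 49 76 27 b1 36 09 40 bb 07 f0 ff 08 30 ac 8f
f6 36 b7 d1 1c 03 00 00 44 c0 14 c0 13 c0 12 c0
11 c0 0f c0 0e c0 0d c0 0c c0 0a c0 09 c0 08 c0
07 c0 05 c0 04 c0 03 c0 02 00 88 00 87 00 84 00
45 00 44 00 41 00 39 00 38 00 35 00 33 00 32 00
2f 00 16 00 13 00 0a 00 05 00 04 00 ff 01 00 00
16 00 00 00 12 00 10 00 00 0d 6e 75 2e 6e 6f 76
65 6c 6c 2e 63 6f 6d
""".split()))

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
SERVER_MINIMUM = 0x0303  # assumption taken from the page: servers only allow TLSv1.2 and above

def u(data, pos, n):
    """Read an n-byte big-endian integer, failing loudly on truncated input."""
    if pos + n > len(data):
        raise ValueError("truncated ClientHello")
    return int.from_bytes(data[pos:pos + n], "big")

def parse_client_hello(data):
    if u(data, 0, 1) != 1 or u(data, 1, 3) != len(data) - 4:
        raise ValueError("not a complete ClientHello handshake message")
    version = u(data, 4, 2)               # highest version a pre-TLS 1.3 client offers
    pos = 6 + 32                          # skip the 32-byte client random
    pos += 1 + u(data, pos, 1)            # skip the session id
    n = u(data, pos, 2)                   # cipher suite list length in bytes
    suites = [u(data, i, 2) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + u(data, pos, 1)            # skip the compression methods
    sni = None
    if pos < len(data):                   # extensions are optional
        end = pos + 2 + u(data, pos, 2)
        pos += 2
        while pos < end:
            etype, elen = u(data, pos, 2), u(data, pos + 2, 2)
            if etype == 0:                # server_name with one entry: list(2) type(1) len(2) name
                sni = data[pos + 9:pos + 4 + elen].decode("ascii")
            pos += 4 + elen
    return {"version": VERSIONS.get(version, hex(version)), "suites": suites, "sni": sni,
            "meets_server_minimum": version >= SERVER_MINIMUM}

if __name__ == "__main__":
    print(parse_client_hello(CLIENT_HELLO))
```

The same parser can be pointed at the Client hello from a trace taken on the replacement server to confirm that it now offers TLSv1.2.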