Curl: (35) openssl ssl_connect: connection reset by peer in connection

Hi, I am currently using “Apalis-iMX6_Reference-Multimedia-Image-Tezi_5.4.0+build.11” image. I tried to communicate to my firebase using curl but returns “curl: (35) openssl ssl_connect: connection reset by peer in connection”. I have tried the same command on my window, and Ubuntu, and both of them works.

Hi @Raymond , is the time on Apalis iMX6 synced correctly? You can check if NTP is enabled here.

@benjamin.tx initially, the time and date is not synced. I have manually set the date and time but the error is still the same

Hi @Raymond , with -vvv, you can get more debug information about curl. seems your private server that I can access from my side. It could be some protocol of your’s HTTPS is not supported by OpenSSL on current BSP. curl -vvv --output imx8.jpg does fetch the picture from our website.

Hi @benjamin.tx , I have tried using -vvv but its showing the same thing.

I have tried “curl -vvv --output imx8.jpg” and it works.

Should i upgrade the OpenSSL to a newer version?

Hi @Raymond , Apalis iMX6 sends out a first TLS hello package, and then it is reset by the peer that is immediately. Could you also have a try with wget

Hi @benjamin.tx , you mean like this?

Hi @Raymond , sorry, I mean download your straff2.json file by wget.

Hi @benjamin.tx ,

Hi @Raymond , apalis imx6 system time is still suspicious. You have directly changed the time in UTC. Please set time in UTC and your own time zone correctly.

Hi @benjamin.tx ,

I change the time using this command. How to set time in UTC and time zone?

# timedatectl set-ntp false
# timedatectl set-time "2015-01-31 11:13:54"

Hi @benjamin.tx , do you mean like this?

*In case you wanted to test with the firebase as well:

Hi @Raymond , no. Current time in UTC is around 8am. You can check it here.

Hi @benjamin.tx ,

Like this?

Hi @Raymond , do you know if there is any requirement accessing ? For example, a cipher for TLS or user confidential. OpenSSL version on Reference-Multimedia-Image-Tezi_5.4.0 is 1.1.1k. It is a new release. The latest Ubuntu 21.10 has OpenSSL 1.1.1l.

Hi @benjamin.tx , I will try to do some research on firebase requirement.

If need to update OpenSSL to 1.1.1l, what is the process?

Hi @benjamin.tx ,

Based on the link, it says that TLS1.3 is disabled, and when using “curl”, it reply a TLSv1.3 (OUT). Maybe this is the cause?

The link you provided for testing has TLS1.3 enabled

Hi @benjamin.tx ,

I just tested TLSv1.1 and 1.2, but both shows the same error.

Hi @Raymond , you can compare TLS v1.2 cipher suites supported by curl and Use this command curl on Apalis iMX6.

Hi @benjamin.tx ,

After I change Firebase to Back4app, I did not face this issues anymore. For firebase, the issue was with my internet connection, changing to another internet connection was able to solve this issue.

Thank you @benjamin.tx for your time and help.