Curl: (35) openssl ssl_connect: connection reset by peer in connection

Technical Support
, , ,
1

Hi, I am currently using “Apalis-iMX6_Reference-Multimedia-Image-Tezi_5.4.0+build.11” image. I tried to communicate to my firebase using curl but returns “curl: (35) openssl ssl_connect: connection reset by peer in connection”. I have tried the same command on my window, and Ubuntu, and both of them works.

image

image
image1449×168 25.4 KB

2

Hi @Raymond , is the time on Apalis iMX6 synced correctly? You can check if NTP is enabled here.

3

image
image555×126 7.46 KB

@benjamin.tx initially, the time and date is not synced. I have manually set the date and time but the error is still the same

4

Hi @Raymond , with -vvv, you can get more debug information about curl. firebasedatabase.app seems your private server that I can access from my side. It could be some protocol of your firebasedatabase.app’s HTTPS is not supported by OpenSSL on current BSP. curl -vvv https://docs.toradex.cn/104952-apalis-imx8qm-front-view.jpg --output imx8.jpg does fetch the picture from our website.

5

Hi @benjamin.tx , I have tried using -vvv but its showing the same thing.

image
image802×226 62.5 KB

I have tried “curl -vvv https://docs.toradex.cn/104952-apalis-imx8qm-front-view.jpg --output imx8.jpg” and it works.

Should i upgrade the OpenSSL to a newer version?

6

Hi @Raymond , Apalis iMX6 sends out a first TLS hello package, and then it is reset by the peer that is firebasedatabase.app immediately. Could you also have a try with wget https://docs.toradex.cn/104952-apalis-imx8qm-front-view.jpg?

7

Hi @benjamin.tx , you mean like this?

image
image799×104 32.3 KB

8

Hi @Raymond , sorry, I mean download your straff2.json file by wget.

9

Hi @benjamin.tx ,

image
image803×105 33.9 KB

10

Hi @Raymond , apalis imx6 system time is still suspicious. You have directly changed the time in UTC. Please set time in UTC and your own time zone correctly.

time
time566×126 10.7 KB

11

Hi @benjamin.tx ,

I change the time using this command. How to set time in UTC and time zone?

# timedatectl set-ntp false
# timedatectl set-time "2015-01-31 11:13:54"
12

Hi @benjamin.tx , do you mean like this?

image
image803×226 49.5 KB

*In case you wanted to test with the firebase as well:
https://qtemployeeaccess-default-rtdb.asia-southeast1.firebasedatabase.app/staff2.json

13

Hi @Raymond , no. Current time in UTC is around 8am. You can check it here.

14

Hi @benjamin.tx ,

Like this?

image
image807×226 50.9 KB

15

Hi @Raymond , do you know if there is any requirement accessing firedatabase.app ? For example, a cipher for TLS or user confidential. OpenSSL version on Reference-Multimedia-Image-Tezi_5.4.0 is 1.1.1k. It is a new release. The latest Ubuntu 21.10 has OpenSSL 1.1.1l.

16

Hi @benjamin.tx , I will try to do some research on firebase requirement.

If need to update OpenSSL to 1.1.1l, what is the process?

17

Hi @benjamin.tx ,

image
image1281×679 44.3 KB

Based on the link, it says that TLS1.3 is disabled, and when using “curl”, it reply a TLSv1.3 (OUT). Maybe this is the cause?

image
image1812×210 130 KB

The link you provided for testing has TLS1.3 enabled

image
image1270×668 48.5 KB

18

Hi @benjamin.tx ,

I just tested TLSv1.1 and 1.2, but both shows the same error.

image
image804×227 57.1 KB

image
image799×227 57.8 KB

image
image805×346 86.4 KB

19

Hi @Raymond , you can compare TLS v1.2 cipher suites supported by curl and firebasedatabase.app. Use this command curl https://www.howsmyssl.com/a/check on Apalis iMX6.

20

Hi @benjamin.tx ,

After I change Firebase to Back4app, I did not face this issues anymore. For firebase, the issue was with my internet connection, changing to another internet connection was able to solve this issue.

Thank you @benjamin.tx for your time and help.