YUM Proxy and SSL - no longer working

userOS9000
Posts: 3
Joined: 2019/10/07 18:25:09

Post by userOS9000 » 2019/10/07 18:39:25

Hello, I've read several posts and articles covering this topic. Unfortunately none have resolved the issue I am facing. Here is some background info:

-Going through Company proxy
-Successfully have Red Hat, RHEL 7 working with YUM through the proxy
-Older version of openssl 1.02 used
-Created a CentOS 8 VM
-Copied YUM configuration from older RHEL 7
-Obtain errors shown below
-RHEL7 VM yum update, yum install, etc still works

YUM.conf:

proxy=https://serverip:port
proxy_username=username
proxy_password=password

From above I have also tried http:// instead of https:// (note: the Red Hat VM that is working has https:// in its yum.conf)

Tried to also add in ~/.bashrc:
export http_proxy='http://username:password@serverip:8080'
export https_proxy='https://username:password@serverip:8080'
export ftp_proxy='http://username:password@serverip:8080'
export all_proxy='http://username:password@serverip:8080'
export ALL_PROXY='username:password@serverip:8080'
export no_proxy='http://username:password@serverip'

Note: I've replaced the actual IP with "serverip", and the username and password, respectively.

Performing sudo yum update -v I get:
CentOS-8 - AppStream 0.0 B/s | 0 B 00:00
Cannot download 'http://mirror.centos.org/centos/8/AppStream/x86_64/os/': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried.
repo: downloading from remote: BaseOS
error: Curl error (35): SSL connect error for http://mirrorlist.centos.org/?release=8 ... nfra=stock [error:1408F10B:SSL routines:ssl3_get_record:wrong version number] (http://mirrorlist.centos.org/?release=8 ... nfra=stock).
CentOS-8 - Base 0.0 B/s | 0 B 00:00
Cannot download 'http://mirrorlist.centos.org/?release=8 ... nfra=stock': Cannot prepare internal mirrorlist: Curl error (35): SSL connect error for http://mirrorlist.centos.org/?release=8 ... nfra=stock [error:1408F10B:SSL routines:ssl3_get_record:wrong version number].
repo: downloading from remote: extras
error: Curl error (35): SSL connect error for http://mirrorlist.centos.org/?release=8 ... nfra=stock [error:1408F10B:SSL routines:ssl3_get_record:wrong version number] (http://mirrorlist.centos.org/?release=8 ... nfra=stock).
CentOS-8 - Extras 0.0 B/s | 0 B 00:00
Cannot download 'http://mirrorlist.centos.org/?release=8 ... nfra=stock': Cannot prepare internal mirrorlist: Curl error (35): SSL connect error for http://mirrorlist.centos.org/?release=8 ... nfra=stock [error:1408F10B:SSL routines:ssl3_get_record:wrong version number].

I've performed a Wireshark capture on the VM adapter and observed HTTP/1.1 400 Bad Request when running:

openssl s_client -connect serverip:port -msg

Returns:
<<< ??? [length 0005]
48 54 54 50 2f
140154021869376:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 320 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

The real oddity is that when I go to Firefox and type in the proxy manually, and it prompts me for my username and password, I am able to get to Google and search around fine. I can even type in the above mirrors and access the webpage for CentOS repositories. I am really at a loss and could use any help or suggestions you guys can provide. Thanks.

TrevorH
Forum Moderator
Posts: 26934
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: YUM Proxy and SSL - no longer working

Post by TrevorH » 2019/10/08 14:12:37

error: Curl error (35): SSL connect error for http://mirrorlist.centos.org/?release=8 ... nfra=stock [error:1408F10B:SSL routines:ssl3_get_record:wrong version number] (http://mirrorlist.centos.org/?release=8 ... nfra=stock).
CentOS-8 - Base 0.0 B/s | 0 B 00:00
That looks like the sort of error you get from openssl when you point your web browser at e.g. https://www.google.com:80/ instead of 443.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke
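
Added example (not part of the original posts): the five bytes shown in the `openssl s_client -msg` output above, `48 54 54 50 2f`, parsed the way a TLS client reads a record header, which shows why a plaintext HTTP reply on that port surfaces as "wrong version number". The function names and the second and third sample byte strings are constructed for this illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLS 1.2 ciphertext record


def parse_record_header(data: bytes) -> dict:
    """Interpret the first 5 bytes as a TLS record header:
    1 byte content type, 2 bytes protocol version, 2 bytes length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"content_type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Decide what the peer actually sent in reply to a ClientHello."""
    hdr = parse_record_header(data)
    if (hdr["content_type"] in TLS_CONTENT_TYPES
            and hdr["version"][0] == 3          # every SSL3/TLS record is 3.x
            and hdr["length"] <= MAX_RECORD_LEN):
        return "tls"
    if data[:5] == b"HTTP/":                    # start of an HTTP status line
        return "plaintext-http"
    return "unknown"


def diagnose(hexdump: str) -> str:
    """Take the hex bytes printed by `openssl s_client -msg` and explain them."""
    data = bytes.fromhex(hexdump)               # fromhex() ignores the spaces
    hdr = parse_record_header(data)
    kind = classify_first_bytes(data)
    if kind == "plaintext-http":
        return ("peer answered in plaintext HTTP (%r); read as a TLS record the "
                "version field is %d.%d, not 3.x, so the listener on this port "
                "does not speak TLS" % (data[:5], *hdr["version"]))
    if kind == "tls":
        return "peer sent a TLS %s record" % TLS_CONTENT_TYPES[hdr["content_type"]]
    return "peer sent neither a TLS record nor an HTTP status line"


if __name__ == "__main__":
    print(diagnose("48 54 54 50 2f"))   # bytes from the s_client output above
    print(diagnose("16 03 03 00 5a"))   # constructed: a TLS handshake record header
    print(diagnose("00 00 00 00 00"))   # constructed: garbage
```
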

userOS9000
Posts: 3
Joined: 2019/10/07 18:25:09

Re: YUM Proxy and SSL - no longer working

Post by userOS9000 » 2019/10/09 19:22:01

Thanks for the response Trevor. Fortunately I was able to figure it out. I needed to go through cntlm to handle authentication. I followed the steps here:

viewtopic.php?t=22455
(See 3rd post)

Basically, by pointing the yum proxy to the cntlm proxy and then, within the cntlm config, pointing to the company proxy, it worked.
