OpenSSL errors in php scripts after upgrade to 86.0.17

Ruiz

• April 02, 2020 07:52

Today, some PHP scripts that connect to remote hosts using SSL started to throw errors. Example: call_user_func_array(): SSL_read on shutdown: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading This must be related to the openssl 1.1.1e that was updated with 86.0.17:

• 

  ffeingol

  • April 02, 2020 13:08

  Having the same issues. I will be opening a ticket.

  0
• 

  ffeingol

  • April 02, 2020 13:42

  Got a reply on my ticket. They referenced this: cPanel Only fix given was downgrading ea-openssl: yum downgrade ea-openssl
  But it will, of course, upgrade every night.

  0
• 

  Ruiz

  • April 02, 2020 14:16

  yum downgrade ea-openssl Didn't work for me. Is there any aditional steps required? Heres is my yum log: [root@xxx public_html]# yum downgrade ea-openssl Loaded plugins: fastestmirror, langpacks, universal-hooks Loading mirror speeds from cached hostfile * EA4: 74.50.120.123 * cpanel-addons-production-feed: 74.50.120.123 * cpanel-plugins: 74.50.120.123 * base: distro.ibiblio.org * epel: d2lzkl7pfhq30w.cloudfront.net * extras: mirror.atl.genesisadaptive.com * updates: mirror.centos.iad1.serverforge.org Resolving Dependencies --> Running transaction check ---> Package ea-openssl.x86_64 0:1.0.2u-1.1.1.cpanel will be a downgrade ---> Package ea-openssl.x86_64 0:1.0.2u-1.1.2.cpanel will be erased --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================== Package Arch Version Repository Size =================================================================================================================== Downgrading: ea-openssl x86_64 1.0.2u-1.1.1.cpanel EA4 2.9 M Transaction Summary =================================================================================================================== Downgrade 1 Package

  0
• 

  Ruiz

  • April 02, 2020 14:21

  Nevermind. yum downgrade ea-openssl11
  + restarting php-fpm did the trick! Thank for your help!

  0
• 

  orizonmedia

  • April 02, 2020 15:07

  THX ruiz ! downgrade did the trick for me too My recaptchat work now!

  0
• 

  porplemontage

  • April 02, 2020 17:42

  This morning I started occasionally getting "Peer could not decode an SSL handshake message" (SSL_ERROR_DECODE_ERROR_ALERT) errors in Firefox and "invalid response" (ERR_SSL_PROTOCOL_ERROR) errors in Chrome when browsing my sites. OpenSSL upgraded to 1.1.1e overnight so this was the most likely culprit. I downgraded to 1.1.1d per the instructions above and I haven't gotten the errors since.

  0
• 

  aegis

  • April 02, 2020 20:05

  Getting the same error here. In particular it affects WHMCS retreiving registrar data from ENOM which gives the following error. CURL Error: 56 - OpenSSL SSL_read: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading, errno 0 It looks like there may be a fix upstream coming in openssl 1.1.1f

  0
• 

  ffeingol

  • April 02, 2020 20:57

  It's going to be a pain the butt, but you may want to put openssl in the yum.conf excludes or it's going to get overwritten every night when upcp runs. The 'pain' is that you'll have to keep an eye as to when their is a 'fix' for this and then remove the exclude.

  0
• 

  cPanelLauren

  • April 02, 2020 21:11

  This looks like it's going to get resolved with the next EA4 update we're pushing. I know they'd wanted to get it out today but I haven't seen it announced yet. We're updating OpenSSL to 1.1.1f due to issues with 1.1.1e

  0
• 

  John Goller

  • April 03, 2020 00:58

  Looks like openssl 1.1.1f is now available to manually upgrade. yum upgrade ea-openssl11
  Check the version installed with yum info ea-openssl11
  If version is 1.1.1f then restart PHP-FPM in WHM and you should be all ok to go.

  0
• 

  TVCNet Website Hosting and Security Services

  • April 03, 2020 01:39

  Yes, had a similar issue with a number of servers, one related to a WHMCS openSSL error report and the other to this standard error: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading Solution: 1. You may now upgrade OpenSSL to version 1.1.1f manually. 2. In terminal, $yum upgrade ea-openssl11 3. Once completed, $yum info ea-openssl11 to ensure you have installed Release 1.1.1f 4. Then restart "PHP-FPM Service" within WHM/ Then test your scripts connection once again to verify. Enjoy!

  0
• 

  ffeingol

  • April 03, 2020 02:19

  Per what @tvcnet posted, looks like cPanel has pushed out the fix. It actually looks like a whole bunch of ea-* packages got updated (my guess is for dependencies). The normal nightly upcp should pull it and then things will be good.

  0
• 

  ciao70

  • April 03, 2020 12:20

  Hello, Released openssl 1.1.1f via ea

  0
• 

  cPanelLauren

  • April 03, 2020 13:16

  Yea this happened after I left last night, around 7:20pm - glad to hear that you guys were able to get updated.

  0

Please sign in to leave a comment.