Failed Signup - SSLv3 error?

andrew.mcharg · September 25, 2018, 12:28am

Hey,

When attempting to create a user throught the Management API v2, I receive a 400 response and the following error is logged:

"description": "write EPROTO 140144844359488:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:802:\n",

This started failing a few weeks ago, and there’s been no change on my end. Has there been some change made to Auth0?

jerdog · September 25, 2018, 11:09am

Would you be able to capture a HAR file of the authentication flow where you are experiencing this issue for us to investigate (Generate and Analyze HAR Files)? Please send via PM as it can contain sensitive info

andrew.mcharg · September 25, 2018, 12:21pm

Hey Jeremy,

Unfortunately this is a machine-to-machine interaction so I can’t capture a HAR. I can give the log ID if someone at Auth0 can use that?

Andrew

jerdog · September 25, 2018, 9:10pm

Sure send it over via DM

joseantonio.rey · October 11, 2018, 3:46pm

Hey @andrew.mcharg,

I took a look at this and it seems like we are getting SSL errors when connecting to your custom database.

Whenever a user signs up, we call the get_user script to ensure the user does not already exist. That means we contact your custom database.

At that time, we are getting the SSL error. Can you please double check your certificates and see if there are any logs on your server that could help pinpoint this?

andrew.mcharg · October 11, 2018, 10:51pm

Hi Jose,

This isn’t a custom DB, this is an Auth0 Database hosted by yourselves. I’ll DM you details of the DB.

Thanks,
Andrew

joseantonio.rey · October 11, 2018, 10:59pm

Hello, Andrew,

The database that you DM’d me is set as a Custom Database. Maybe you inadvertently turned the toggle on? You can find it in your Dashboard > Connections > Database > DB name > Custom Database > Use my own database (it should be off).

Let me know if this helps.

Thanks!

andrew.mcharg · October 12, 2018, 3:19am

Hey Jose,

Thanks for the tip, looks like the DB is set to custom when using the migration option in the Auth0 Wordpress plugin. The server it is connecting to has a valid SSL cert and supports TLSv1.2. It supports the following cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Can you confirm that these are supported by Auth0?

konrad.sopala · August 21, 2019, 10:16am

Hey there Andrew!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there but sometimes our bandwidth is not enough for all the incoming questions.

Have you been able to found the information about the cipher suites we support working with our developer support team or do you want me to confirm that?