Power

 View Only
Expand all | Collapse all

Encounter SSL problem after upgrade dnf

  • 1.  Encounter SSL problem after upgrade dnf

    Posted Thu December 22, 2022 10:42 PM
    After upgrading dnf, I encountered following error. Any help is appreciated.
     
    $ dnf update
AIX generic repository                                                 0.0  B/s |   0  B     00:01
Errors during downloading metadata for repository 'AIX_Toolbox':
  - Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
AIX noarch repository                                                  0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'AIX_Toolbox_noarch':
  - Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox_noarch': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
AIX 7.1 specific repository                                            0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'AIX_Toolbox_71':
  - Curl error (35): SSL connect error for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.1/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.1/repodata/repomd.xml [error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm]
Error: Failed to download metadata for repo 'AIX_Toolbox_71': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried


    But no error with curl

     
    $ curl -vvv anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml
*   Trying 170.225.126.18:443...
* Connected to public.dhe.ibm.com (170.225.126.18) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: none
*  CApath: /var/ssl/certs/
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=New York; L=Armonk; O=International Business Machines Corporation; CN=public.dhe.ibm.com
*  start date: Mar  7 00:00:00 2022 GMT
*  expire date: Mar  7 23:59:59 2023 GMT
*  subjectAltName: host "public.dhe.ibm.com" matched cert's "public.dhe.ibm.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Server auth using Basic with user 'anonymous'
> GET /aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml HTTP/1.1
> Host: public.dhe.ibm.com
> Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 23 Dec 2022 03:38:29 GMT
< Last-Modified: Wed, 21 Dec 2022 16:02:01 GMT
< ETag: "98b6-aa8-5f058ac3cb040"
< Accept-Ranges: bytes
< Content-Length: 2728
< Strict-Transport-Security: max-age=31536000
< Content-Type: application/xml


    System information
     
    $ oslevel
7.1.0.0
$ dnf --version
4.2.17
  Installed: dnf-0:4.2.17-32_50.ppc at Fri Dec 23 03:13:59 TAIST 2022
  Built    : IBM AIX Toolbox  <https://ibm.biz/AIXToolbox> at Thu Apr 21 10:10:15 TAIST 2022
$ curl --version
curl 7.85.0 (powerpc-ibm-aix7.1.3.0) libcurl/7.85.0 OpenSSL/1.1.1l zlib/1.2.12 libssh2/1.10.0 nghttp2/1.46.0
Release-Date: 2022-08-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets


    ------------------------------
    yy
    ------------------------------