OpenSSL errors in php scripts after upgrade to 86.0.17

ruiz

Today, some PHP scripts that connect to remote hosts using SSL started to throw errors. Example:
call_user_func_array(): SSL_read on shutdown: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading

This must be related to the openssl 1.1.1e that was updated with 86.0.17:

Any fix for this issue?
 

ffeingol

Got a reply on my ticket. They referenced this: cPanel

Only fix given was downgrading ea-openssl:

Code:
yum downgrade ea-openssl
But it will, of course, upgrade every night.
 

ruiz

yum downgrade ea-openssl
Didn't work for me. Are there any additional steps required?

Here is my yum log:


[root@xxx public_html]# yum downgrade ea-openssl
Loaded plugins: fastestmirror, langpacks, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 74.50.120.123
* cpanel-addons-production-feed: 74.50.120.123
* cpanel-plugins: 74.50.120.123
* base: distro.ibiblio.org
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: mirror.atl.genesisadaptive.com
* updates: mirror.centos.iad1.serverforge.org
Resolving Dependencies
--> Running transaction check
---> Package ea-openssl.x86_64 0:1.0.2u-1.1.1.cpanel will be a downgrade
---> Package ea-openssl.x86_64 0:1.0.2u-1.1.2.cpanel will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================
Package Arch Version Repository Size
===================================================================================================================
Downgrading:
ea-openssl x86_64 1.0.2u-1.1.1.cpanel EA4 2.9 M

Transaction Summary
===================================================================================================================
Downgrade 1 Package
 

porplemontage

This morning I started occasionally getting "Peer could not decode an SSL handshake message" (SSL_ERROR_DECODE_ERROR_ALERT) errors in Firefox and "invalid response" (ERR_SSL_PROTOCOL_ERROR) errors in Chrome when browsing my sites. OpenSSL upgraded to 1.1.1e overnight so this was the most likely culprit. I downgraded to 1.1.1d per the instructions above and I haven't gotten the errors since.
 

aegis

Getting the same error here. In particular it affects WHMCS retrieving registrar data from ENOM, which gives the following error.

CURL Error: 56 - OpenSSL SSL_read: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading, errno 0

It looks like there may be a fix upstream coming in openssl 1.1.1f


Downgrading to 1.1.1d and restarting php-fpm works for me.
 

ffeingol

It's going to be a pain in the butt, but you may want to put openssl in the yum.conf excludes or it's going to get overwritten every night when upcp runs. The 'pain' is that you'll have to keep an eye on when there is a 'fix' for this and then remove the exclude.
 

cPanelLauren

Product Owner II
Staff member
This looks like it's going to get resolved with the next EA4 update we're pushing. I know they'd wanted to get it out today but I haven't seen it announced yet. We're updating OpenSSL to 1.1.1f due to issues with 1.1.1e
 

John Goller

Looks like openssl 1.1.1f is now available to manually upgrade.

Code:
yum upgrade ea-openssl11
Check the version installed with

Code:
yum info ea-openssl11
If version is 1.1.1f then restart PHP-FPM in WHM and you should be all ok to go.
 

tvcnet

Yes, had a similar issue with a number of servers, one related to a WHMCS OpenSSL error report and the other to this standard error:
file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading

Solution:

1. You may now upgrade OpenSSL to version 1.1.1f manually.

2. In terminal, $ yum upgrade ea-openssl11

3. Once completed, $ yum info ea-openssl11 to ensure you have installed Release 1.1.1f

4. Then restart "PHP-FPM Service" within WHM.

Then test your script's connection once again to verify.

Enjoy!
 

ffeingol

Per what @tvcnet posted, looks like cPanel has pushed out the fix. It actually looks like a whole bunch of ea-* packages got updated (my guess is for dependencies). The normal nightly upcp should pull it and then things will be good.
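
A post-upgrade check for the steps discussed in this thread, added here as an example and not posted by any participant or by cPanel: it reads the Version field from `yum info ea-openssl11` output and counts log lines carrying the `error:14095126` signature quoted above. The function names are hypothetical, and the sample `yum info` output and log lines are constructed.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not from a real server.

# Print the "Version" field from `yum info <pkg>` output read on stdin.
pkg_version() {
    awk -F': *' '/^Version *:/ { print $2; exit }'
}

# Classify a version using only what the thread reports:
# errors began on 1.1.1e; 1.1.1d and 1.1.1f were reported working.
classify_version() {
    case "$1" in
        1.1.1e)        echo affected ;;
        1.1.1d|1.1.1f) echo reported-ok ;;
        *)             echo unknown ;;
    esac
}

# Count stdin lines containing the error signature quoted in the thread.
# grep -c exits 1 on zero matches, so mask that for `set -e` callers.
count_eof_errors() {
    grep -c 'error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading' || true
}

# Constructed stand-in for `yum info ea-openssl11` output.
SAMPLE_YUM_INFO='Installed Packages
Name        : ea-openssl11
Arch        : x86_64
Version     : 1.1.1e
Release     : 1.constructed
'

# Constructed log excerpt: two lines with the signature, one unrelated.
SAMPLE_LOG='[constructed] PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
[constructed] PHP Notice: Undefined index: foo
[constructed] CURL Error: 56 - OpenSSL SSL_read: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading, errno 0
'

# Combine both checks into one status line.
report() {
    ver=$(printf '%s' "$1" | pkg_version)
    status=$(classify_version "$ver")
    hits=$(printf '%s' "$2" | count_eof_errors)
    echo "ea-openssl11 $ver: $status, $hits matching log line(s)"
}

report "$SAMPLE_YUM_INFO" "$SAMPLE_LOG"
```

On a real server, pipe `yum info ea-openssl11` into `pkg_version` and feed `count_eof_errors` only the log lines written after PHP-FPM was restarted, so that older entries do not mask whether the errors stopped.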