https://bugzilla.redhat.com/show_bug.cgi?id=1532250
Petr Pisar ppisar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |ppisar@redhat.com
--- Comment #4 from Petr Pisar ppisar@redhat.com --- (In reply to Paul Howarth from comment #1)
The problem here is that the target server doesn't support newer SSL protocols/ciphers, and the ones it does support are below the standard required by the system-wide crypto policy (see https://fedoraproject.org/wiki/Changes/CryptoPolicy), which is implemented in Fedora's perl-IO-Socket-SSL package (this is why your use of raw Net::SSLeay works, and IO::Socket::SSL doesn't).
I can make it work by changing the IO::Socket::SSL->new() invocation to this:
my $cl = IO::Socket::SSL->new( PeerHost => $ARGV[0], PeerPort => 'https', SSL_cipher_list => 'DES-CBC3-SHA' );
I'm not sure. "openssl s_client -connect www.halstead.com:443" works. And DES-CBC3-SHA has not yet been disabled in the global cryptopolicy https://bugzilla.redhat.com/show_bug.cgi?id=1487607#c6.