cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Timeout Connecting to Sandbox

The CIM API is timing out for us.  Is anyone else having this issue or is it just us?

gmarlett
Contributor
74 REPLIES 74

The issue is still occurring for me.

If I use the old Curl request 

 

curl_setopt($request, CURLOPT_SSL_VERIFYPEER, FALSE);

 

I still have the same exact problem (hangs for awhile then returns empty response code).

 

If I use the revised code curl_setopt($request, CURLOPT_SSLVERSION, 3);

 

(forcing version 3) it works. So basically the same as before the rollback and after the changes related to the new ciphers.

Opps didn't reset connection so probabaly didn't get the new changes. Will update shortly.

Still not working unless code forces Curl to use SSL3.

I found a solution for rails. I installed openssl 1.0.1g through homebrew (make sure "openssl version" in the command line corrosponds correctly), and reinstalled ruby. The reinstillation step caught me off guard since I thought openssl was dynamically linked. 

lethjakman
Member

For clarity's sake, what changed is where SSL termination occured. The new location in our network where we moved SSL termination had the new ciphers. We've moved back to the old location, so you should be getting the exact same setup that you were prior to us moving SSL termination.

If you made any changes to your code or configuration before, please revert back to your previous setup, establish a new connection, and try again.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

Update: We're investigating further as we're seeing the same SSL results as before rollback. I apologize for the inconvenience here.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

We've reapplied the change in SSL termination and have confirmed it is now pointing back to where it originally did, with its SSL configuration and ciphers as you are used to. Please reconnect and try again. Thanks.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.

It's working for me now.

I tested this, and it is working on stable Debian 7 released openssl.

 

For the future, what are the plans for this upgrade? Why did this cause so many issues, and what is going to change to prevent it from happening when the upgrade moves to production?