Manaslu's picture

Hi

I have a quick question. I am trying to find if this error is related with the version of Curl/OpenSSL i am using in wordpress applicace 16 or it is the wordpress issue.

i have Curl version 7.64 and OpenSSl Version 1.1.1d which comes with the Wordpress applicance v16. Currently i am gettings errors like following in the wordpress site health:

The REST API request failed due to an error.
Error: cURL error 28: Connection timed out after 10001 milliseconds (http_request_failed)

And also when i use differnt backup plugin, errors like this shows up: 

cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to updraftplus.com:443

Is it due the Curl/OpenSSL version i am using? if so, is it recommended to update those versions in the applicance.

Thank you in advance.

Manaslu

Forum: 
Jeremy Davis's picture

I'm no WordPress expert, but after a quick google of your issue, I see why you are asking about curl and OpenSSL versions... It seems that issues similar to yours were historically caused by old versions of curl and/or OpenSSL. Most of the posts seem to be about 1-2 years ago. FWIW, this was around the time of some major changes in OpenSSL (and curl's support for HTTPS is usually via OpenSSL).

The REST API request failed due to an error. Error: cURL error 28: Connection timed out after 10001 milliseconds (http_request_failed)

The first error (above) may be caused by PHP running out of RAM and thus may be able to be resolved by increasing the PHP memory limit. Increasing the execution timeout may also help (after all, it does say that it's timing out...).

My reading suggests that this one may be caused by PHP running out of RAM. So bumping up the RAM that PHP is able to use is the first thing I'd try. That can be done via the php.ini file (IIRC /etc/php/7.3/apache/php.ini or similar). You'll need to restart Apache to apply the change. If your server doesn't have much free RAM, then you may need to increase the available RAM too (i.e. if it's a VM you might be able to just increase the RAM the VM has). If increasing system RAM is not an option (e.g. running on hardware, or small VPS) then increasing swap space may help.

Regarding the second error message (below), this may or may not be related to the first error, or it could be coincidental.

cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to updraftplus.com:443

Curl's "error 35" explicitly relates to an SSL negotiation error. Whilst the issue may well be related to curl and/or OpenSSL, it's worth noting that ultimately the cause of the issue is a mismatch between the SSL/TLS protocol and/or cipher suites provided by the server vs supported by the client (curl in this case). I.e. the issue is that both ends are essentially speaking a different language. When a client and server first connect, they try to negotiate protocol/cipher suites that they both support; this error is because they couldn't negotiate an agreed protocol/cipher suite.

To try to give a more concrete example, TLSv1 (which is incidentally no longer secure and) is not supported by default in TurnKey v16.x. So if you tried to connect to a v16.x TurnKey server explicitly using TLSv1 you would get the same sort of error.

FWIW, I double checked the SSL certs of the domain in the error message and whilst it does have support for older insecure ciphers, that should not cause this issue. It's also worth reminding you that security is not a on/off switch, and when you tighten the security screws, it's not uncommon for things to break. So that particular site is probably intentionally supporting the older SSL protocols because some of it's users/customers are still using old browsers/devices that don't support TLSv1.2/TLSv1.3 (e.g. older mobile devices etc). FWIW, whilst the TurnKey appliances only support TLSv1.2 & TLSv1.3 by default, our website supports these same protocols for that exact reason.

So long and short of it is that you may be able to make tweaks to get these to work, but the error messages aren't pointing towards a clear issue/solution. Updating curl and/or OpenSSL is NOT recommended...

Personally, I would recommend reaching out to the plugin providers and see if they have ideas

Manaslu's picture

Thank you for your help Jeremy. I really appreciate it.

Jeremy Davis's picture

Good luck with resolving your issue.

If you need any further info about default settings in the TurnKey appliance (e.g. to answer questions a WordPress plugin dev might have about your server) then please feel free to ask. Or if you have further questions/issues, please post back (best to open a new thread if it's an unrelated issue).

Please be sure to post back if/when you resolve the issue. Perhaps there is an improvement we can make so other users don't hit this? Or even just sharing the info of how it was resolved will likely help others.

Manaslu's picture

Thank you again Jeremy.

Yes I was able to resolve the issues.

The REST API request failed due to an error.
Error: cURL error 28: Connection timed out after 10001 milliseconds (http_request_failed)

This was due to PHP memory limit (thanks for the suggestion). Increasing the memory limit seem to do the trick for the backup plugin i was using. i was successfully able to back it up in dropbox but when i tried in the local server, it gave an error. Since it was development server and i didn't have more resources to add, i couldn't test further. As i am not having that issue in other production server, that is the good news.

cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to updraftplus.com:443

As per the second one, it was due to firewall policy which was blocking the site. Once the application and the site was whitelisted, the error was resolved.

Regards

Manaslu

 

Jeremy Davis's picture

Glad to hear that you worked it out! :)

Add new comment