I'm getting a timeout trying to consume UPS's online tools API through PHP + Curl. This issue started happening this morning. I can reproduce the issue using Curl directly on Ubuntu 14.04 from bash. However, on Ubuntu 16.04, I can connect without any issues.
UPS support wasn't particularly helpful:
Which of these servers that have been completed to the TLS 1.2 migration is not known. It is suggested to make sure that your security protocol is enabled for TLS 1.0, 1.1 and 1.2 for the time being. Though having the full stack, should minimized problems, as negotiation will utilizes highest agreed upon supported protocol by both parties.
Here's the verbose output on 14.04:
[email protected]:/etc/ssl/certs# curl https://onlinetools.ups.com -v
* Rebuilt URL to: https://onlinetools.ups.com/
* Hostname was NOT found in DNS cache
* Trying 18.104.22.168...
* connect to 22.214.171.124 port 443 failed: Connection timed out
* Trying 126.96.36.199...
* After 86387ms connect time, move on!
* connect to 188.8.131.52 port 443 failed: Connection timed out
* Failed to connect to onlinetools.ups.com port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to onlinetools.ups.com port 443: Connection timed out
If I simply try to connect via OpenSSL, it also times out:
[email protected]:/etc/ssl/certs# openssl s_client -connect onlinetools.ups.com:443
Any ideas what the problem is? Pointers on troubleshooting? Are you also having issue with this UPS API from Ubuntu 14.04?
Here are the versions of relevant libraries:
I tried pulling the cacerts from haxx.se and pointed Curl to it using the
--cacerts arg, no luck.
I'm pretty much at a loss here ... what am I missing?
Connection time out is a TCP level problem and not a SSL/TLS problem. It is simply that it cannot connect to the host. You would not even manage to get a telnet or netcat to the peer in this case. Depending on how much targets are affected by the problem it might be a firewall or router problem on the targets end (i.e. only this target affected) or some general network issue on your end (i.e. most hosts do not work).