Hello,
Back to the original problem.
You can reproduce this issue by installing a minimalist Lua script in Orthanc (http://book.orthanc-server.com/users/lua.html), instead of launching a whole Docker infrastructure as discussed before. Here is this Lua script, which simply calls your URLs on Orthanc startup:
function Initialize()
  print("Contacting homepage:")
  print("Contacting Let's Encrypt:")
  print("Contacting Cloudflare:")
end
The corresponding minimal Orthanc configuration is:
{
  "LuaScripts" : [ "Sample.lua" ],
  "HttpsCACertificates" : "/etc/ssl/certs/ca-certificates.crt",
  "HttpVerbose" : true
}
Note how we use the certificates that are generated by the "ca-certificate" core package on Debian/Ubuntu systems. Note also that we have enabled a newly-introduced configuration called "HttpVerbose" that is pending in the mainline, in order to debug HTTP connections:
As mentioned in your tests, Orthanc can connect to its homepage and to the second site that uses Let's Encrypt, but fails while contacting Cloudflare:
$ ./Orthanc Sample.json
[...]
W0726 12:47:47.013740 main.cpp:667] Orthanc has started
W0726 12:47:47.013803 LuaContext.cpp:103] Lua says: Contacting homepage:
W0726 12:47:47.312361 LuaContext.cpp:103] Lua says: Contacting Let's Encrypt:
W0726 12:47:47.956914 LuaContext.cpp:103] Lua says: Contacting Cloudflare:
E0726 12:47:48.027587 HttpClient.cpp:230] libCURL error: SSL connect error
Here is the detailed log produced by the "HttpVerbose" option:
$ ./Orthanc Sample.json --verbose
[...]
W0726 12:52:28.018071 LuaContext.cpp:103] Lua says: Contacting Cloudflare:
* Trying 104.28.22.173...
* TCP_NODELAY set
* Connected to mockbin.org (104.28.22.173) port 443 (#2)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection 2
I0726 12:52:28.074234 HttpClient.cpp:674] HTTP status code 0 after GET request on: https://mockbin.org
I0726 12:52:28.074354 HttpClient.cpp:679] cURL status code: 35
E0726 12:52:28.074423 HttpClient.cpp:230] libCURL error: SSL connect error
The "routines:SSL23_GET_SERVER_HELLO:sslv3" error message is clearly the culprit. It seems to indicate a problem with the Cloudflare certificate:
I am stuck at this point for the time being. Any help from the Orthanc community is welcome.
Regards,
Sébastien-
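
Added example (not part of the original message, and not Orthanc code): a Python helper that unpacks the packed OpenSSL error code from the curl verbose output quoted above into its library, function and reason fields, and reports the TLS alert number when the reason encodes one. It assumes the OpenSSL 1.0.x error-code layout (suggested by the SSL23_GET_SERVER_HELLO function name); the second sample line is a constructed contrast case, not taken from this log.

```python
import re

# Sample input: first line copied from the log above; second line is a
# constructed contrast case (a local certificate verification failure).
SAMPLE_LOG = """\
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts from the peer

# Subset of TLS alert descriptions (RFC 5246, RFC 6066).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security",
              112: "unrecognized_name"}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode_openssl_error(line):
    """Split an OpenSSL 1.0.x error string into lib/func/reason (assumed layout)."""
    m = ERROR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET <= reason < SSL_AD_REASON_OFFSET + 256:
        alert = reason - SSL_AD_REASON_OFFSET  # alert sent by the remote server
    return {"lib": lib, "func": func, "reason": reason,
            "function_name": m.group(3), "message": m.group(4).strip(),
            "peer_alert": alert, "peer_alert_name": TLS_ALERTS.get(alert)}

def diagnose(log):
    """Return one decoded record per OpenSSL error line found in a curl log."""
    records = (decode_openssl_error(line) for line in log.splitlines())
    return [r for r in records if r is not None]

if __name__ == "__main__":
    for rec in diagnose(SAMPLE_LOG):
        origin = ("alert %d (%s) received from the server" %
                  (rec["peer_alert"], rec["peer_alert_name"])
                  if rec["peer_alert"] is not None else "error raised locally")
        print("%s: reason %d, %s" % (rec["function_name"], rec["reason"], origin))
```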