14 replies to this topic

[Aarvay]

There's an issue with SSL with both the sandbox and production servers of Evernote.

With the latest version of OpenSSL, (Ubuntu 12.04) nothing works. Failing at the handshake level itself.


For example, do a curl or wget to https://sandbox.evernote.com or https://www.evernote.com


Connecting to sandbox.evernote.com (sandbox.evernote.com)|204.154.94.71|:443... connected.
Unable to establish SSL connection.

This is what you get. Please address this issue. Not able to use the OAuth API at all. It works with others.

For example : able to wget https://www.facebook.com

[SethH]

Thanks for the report, we're looking into it. We've heard one other report that TLS 1.1 causes problems.

[Aarvay]

Is there a workaround for this, until the things have been set right? I am using the PHP-SDK for OAuth.

[SethH]

Try removing 'protocol_version' => 1.1 from lib/transport/THttpClient.php.

[Aarvay]

No Good. Getting the same error : Last action: Error obtaining temporary credentials: making the request failed (SSL connect error)

I have even tried disabling ssl checks. No good either.

[Rambus]

I had a similar problem using C++ QT with the latest openSSL version. I'm not sure what openSSL version works.

For anyone who finds this post by google: QT 4.6.2 comes prebuilt with the correct SSL version to communicate with evernote oauth.

[Boski]

Hi, I have the same problem.. in Ubuntu 12.04 LTS and with LibSSL 1.0.0. Has anybody a workaround to solve this? I've tried changing the protocol version in the lib/transport/THttpClient.php but no progress at all.
If I force in the wget or curl to use SSLv3 it works OK. Does anybody know where in the SDK I can force the comunication with Evernote to use SSLv3? Currently I'm stocked authenticating the user with OAuth, I get this error:

Message: OAuth::getRequestToken(): Failed to enable crypto

When executing:
$oauth = new OAuth(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET);
$requestTokenInfo = $oauth->getRequestToken(REQUEST_TOKEN_URL, $this->get_callback_url());

Any idea anyone? Thanks for your time!

[Boski]

Hi again, I've seen that this is reported as a bug in Ubuntu:
https://bugs.launchp...ssl/ bug/965371
And still open

The workaround is fix a protocol (f.i TLSv1 or SSLv3) when doing a GET.. Does anyone knows how to do this when using OAuth in SDK for PHP?
Cheers

[Spicer]

Anyone have a fix for this yet? I did just confirm it is a Ubuntu 12.04 LTS issue. Everything works perfectly in Ubuntu 11.10.

[User]

This bug deserves high priority. It's ridiculous that upgrading my system causes Evernote to stop syncing because of a bug in Evernote's web servers.

[User]

This is simply a bug that Evernote needs to fix on its servers:

$ gnutls-cli-debug www.evernote.com -p 443
Resolving 'www.evernote.com'...
Connecting to '204.154.94.81:443'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... yes


Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no


Checking whether we need to disable TLS 1.0... N/A
Checking for Safe renegotiation support... no
Checking for Safe renegotiation support (SCSV)... no
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether the server ignores the RSA PMS version... yes
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... yes
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... no
Checking for export-grade ciphersuite support... no
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... no
Checking ephemeral Diffie-Hellman group info... N/A
Checking for AES cipher support (TLS extension)... yes
Checking for CAMELLIA cipher support (TLS extension)... no
Checking for 3DES cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... no
Checking for MD5 MAC support... no
Checking for SHA1 MAC support... yes
Checking for max record size (TLS extension)... no
Checking for OpenPGP authentication support (TLS extension)... no

[Marat Khayrullin]

Here is a my workaround patch for evernote's thrift lib (python2.7, ubuntu 12.04)
http://goo.gl/N0KIm

[cyberhex]

I am seeing the same issue as of 8/2/2012 and here is stack trace of the error using the Thrift .Net code. This only started happening once we swithced to using open authentication vs. the older username/password interface. The only part we changed was the authentication logic and everything else is the same so not sure why this is surfacing or how to fix this. Please help because we don't know what to tell our customers.

Couldn't connect to server: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 204.154.94.81:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean
connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context)
at System.Net.HttpWebRequest.GetRequestStream()
at Thrift.Transport.THttpClient.SendRequest()

[dipanshu]

No Good. Getting the same error : Last action: Error obtaining temporary credentials: making the request failed (SSL connect error)

I have even tried disabling ssl checks. No good either.

i have same problem. but not get any solution yet

[Hiroshi Miura]

For Evernote on Ubuntu user, http://bugs.winehq.o...ug.cgi?id=30598 will help you.
It is work around for this issue to disable TLS1.1/1.2 by default as same as Windows.

This is simply a bug that Evernote needs to fix on its servers:

$ gnutls-cli-debug www.evernote.com -p 443
Resolving 'www.evernote.com'...
Connecting to '204.154.94.81:443'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... yes


Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no

I agree here.