When you send a request from a Linux container via HttpClient, the request will, depending on the target URI, fail and throw an exception with the message: SSL Handshake with OpenSSL error - SSL_ERROR_SSL.
When I encountered this problem, my first thought was that HttpClient had failed to validate the SSL certificate. However, after reading through all the inner exceptions, my eyes dropped on this line:

    routines:tls_process_ske_dhe:dh key too small

Bingo. It looks like the openssl.cnf inside my container on K8s has a stricter setting than the website's SSL certificate. Gladly, this is an easy fix.
In the Dockerfile we have to add two RUN commands in order to modify our container's openssl.cnf:

    ## ....
    # Lower OpenSSL's default security level from 2 to 1
    RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
    RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
    ## ....
What these two lines do is change the value of SECLEVEL from 2 to 1 in both of the openssl.cnf files. After appending these two lines, rebuild the image and everything will work as expected.
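
A sed substitution exits successfully even when its pattern matches nothing, so the image can build with the level unchanged. The shell helpers below are an added example, not code from the original post: they read and rewrite the level on the active CipherString line and return non-zero when there is nothing to change, so a RUN step that calls them fails visibly. The function names and sample files are constructed, and the colon spelling DEFAULT:@SECLEVEL=2 is an assumption about how other images may write the value.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample files are constructed for illustration.

# Print the level on the active CipherString line, or nothing if none is set.
seclevel_of() {
    sed -n 's/^[[:space:]]*CipherString[[:space:]]*=.*@SECLEVEL=\([0-9]\).*/\1/p' "$1" |
        head -n 1
}

# Rewrite the level in place. Returns non-zero when the file has no active
# CipherString/@SECLEVEL line or the new value did not land, so a Dockerfile
# RUN step fails instead of silently changing nothing.
set_seclevel() {
    file=$1; level=$2
    if [ -z "$(seclevel_of "$file")" ]; then
        echo "set_seclevel: no @SECLEVEL in $file" >&2
        return 1
    fi
    # Write through a temp file and cat it back, so a symlinked openssl.cnf
    # stays a symlink (sed -i would replace it with a regular file).
    sed "/^[[:space:]]*CipherString[[:space:]]*=/s/@SECLEVEL=[0-9]/@SECLEVEL=$level/" \
        "$file" > "$file.tmp" &&
        cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    [ "$(seclevel_of "$file")" = "$level" ]
}

# Constructed samples: the spelling the post's sed expects, the colon
# spelling (assumed to occur in other images), and a file with no level.
demo() {
    dir=$(mktemp -d)
    printf '[system_default_sect]\nMinProtocol = TLSv1.2\nCipherString = DEFAULT@SECLEVEL=2\n' > "$dir/a.cnf"
    printf '[system_default_sect]\nCipherString = DEFAULT:@SECLEVEL=2\n' > "$dir/b.cnf"
    printf '[system_default_sect]\nMinProtocol = TLSv1.2\n' > "$dir/c.cnf"
    for f in a b c; do
        if set_seclevel "$dir/$f.cnf" 1; then
            echo "$f.cnf: level now $(seclevel_of "$dir/$f.cnf")"
        else
            echo "$f.cnf: unchanged"
        fi
    done
    rm -rf "$dir"
}
demo
```

The lowered level applies to every TLS connection made by processes that load this openssl.cnf. At level 1 OpenSSL accepts DH keys down to 1024 bits, where level 2 requires at least 2048.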