Insecure SSL - handshake_failure

Hello,

i have a Dahua VTO and want open the Door via HTTP-Binding. i Configured the item as followed:

UID: http:url:4c0a43d049
label: Klingeln
thingTypeUID: http:url
configuration:
  ignoreSSLErrors: true
  baseURL: https://192.168.178.15/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote
  password: ***
  delay: 0
  stateMethod: GET
  refresh: 30
  commandMethod: GET
  contentType: text/html
  timeout: 3000
  username: admin
  bufferSize: 2048
  authMode: BASIC

With this, i get the following Error:

Requesting ‘https://192.168.178.15/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote’ (method=‘GET’, content=‘null’) failed: Received fatal alert: handshake_failure

What i want: a switch what i can switch on to open the door →
Switch switchKlingel {channel="http:url:4c0a43d049:KlingelSwitch", expire="5s, state=OFF"}
I only will post the URL on “ON”, not on “OFF”

This is my old PHP-Call wich works very well:

$url = "https://192.168.178.15/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_setopt($ch, CURLOPT_USERPWD, "admin:***");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_exec($ch);
curl_close($ch);

The Dahua VTO use a self sigend SSL-Certificate. I hope you can help me, because il will remove the old PHP Script :slight_smile:

Check the binding’s docs for ignoreSSLErrors. This option can be used to ignore SSL errrors because of problems with certificates.

Look at m thing description in the first post. I have set this option to true, but without any result change. If call this url ok the browser, I have to type user and password. After that the door opens.

Oops. Sorry, must have missed that row.
The source code contains these rows:

            logger.info("Using the insecure client for thing '{}'.", thing.getUID());
            logger.info("Using the secure client for thing '{}'.", thing.getUID());

Setting the log level to info is the line with the insecure message being shown ?

Yes i see this output…

2022-05-05 13:54:12.288 [WARN ] [p.internal.http.HttpResponseListener] - Requesting 'https://192.168.178.15/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote' (method='GET', content='null') failed: Received fata$
2022-05-05 13:54:12.306 [INFO ] [nding.http.internal.HttpThingHandler] - Using the insecure client for thing 'http:url:4c0a43d049'.

Looks like the most interesting part of the warning ( first row ) is cut off.

Sorry,

here is the message:

Requesting 'https://192.168.178.15/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote' (method='GET', content='null') failed: Received fatal alert: handshake_failure

I have solved it by Bash-Script now. That works very well :slight_smile:

1 Like