Remark : Travelport 서버가 TLS1.2 만 지원 합니다. CentOS 6.0 인경우 yum update. 필요
NSS 버전 확인 바라면 필요시 최신 버전으로 업데이트 해주세요.
I encountered a similar “NSS error -5938” when using an outdated CentOS 6.x system to connect to an embedded device that stopped accepting TLS 1.0, only allowing TLS 1.1 and higher. The solution for me was to do a yum update.
NSS error -5938 (PR_END_OF_FILE_ERROR)NSS error -5938
|
1 2 3 4 5 |
# curl -V | grep NSS curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0 |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
# nmap --script ssl-enum-ciphers -p 443 apac.universal-api.pp.travelport.com Starting Nmap 6.40 ( http://nmap.org ) at 2021-11-23 11:25 KST Nmap scan report for apac.universal-api.pp.travelport.com (216.113.131.96) Host is up (0.18s latency). PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong | compressors: | NULL |_ least strength: strong Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds |
결론
서버환경
OpenSSL > 1.0.1 or NSS > 3.15