apache 2.4 and ssl issues

jontheil · Saturday at 6:33 PM

Dear forum users,
For the last couple of weeks, I have had problems with my web server running

Code:

www/apache24

.
My system is running FreeBSD 14.1 and all my installed ports are upgraded.
I am not aware of any significant configurations on my system. For ssl, I use certificates from Letsencrypt. Alle certificates are up-to-date.
Symptoms
I have a number of websites that have been running for a long time. Suddenly, I can't acces any of the sites.
I have troubleshooting by increasing LogLevel i apache to

Code:

LogLevel debug ssl:trace6

.
For one of the sites, the relevant looks like thils:

Code:

`# curl https://whatever.dk/drupal10 --trace -`

```text

== Info: !!! WARNING !!!
== Info: This is a debug build of libcurl, do not use in production.
== Info: STATE: INIT => SETUP handle 0x2a06fbcc8800; line 1878
== Info: STATE: SETUP => CONNECT handle 0x2a06fbcc8800; line 1894
== Info: Added connection 0. The cache now contains 1 members
== Info: STATE: CONNECT => RESOLVING handle 0x2a06fbcc8800; line 1919
== Info: Curl_multi_closed, fd=5 multi is 0x2a06fbc67000
== Info: Curl_multi_closed, fd=5 entry is 0x2a06fbc211e0
== Info: Host whatever.dk:443 was resolved.
== Info: IPv6: (none)
== Info: IPv4: 192.168.1.31
== Info: STATE: RESOLVING => CONNECTING handle 0x2a06fbcc8800; line 1999
== Info:   Trying 192.168.1.31:443...
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00                                  .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 12 94 c0 8e 85 7a 73 c6 cf e3 ...........zs...
0010: 81 cd ef 5f 0d 51 9b 8c 58 f7 1c a6 b8 d9 2a 84 ..._.Q..X.....*.
0020: 94 1c 8e c6 67 b5 20 f3 a8 2c 72 8f 51 3c c3 ec ....g. ..,r.Q<..
0030: 28 0f cb 4a 45 38 5e 4b 7d 6d c3 cd bf 96 5a ef (..JE8^K}m....Z.
0040: cb a9 af 9c 69 93 0f 00 3e 13 02 13 03 13 01 c0 ....i...>.......
0050: 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 ,.0.........+./.
0060: 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 ..$.(.k.#.'.g...
0070: 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 ..9.....3.....=.
0080: 3c 00 35 00 2f 00 ff 01 00 01 75 00 00 00 0e 00 <.5./.....u.....
0090: 0c 00 00 09 6a 74 68 65 69 6c 2e 64 6b 00 0b 00 ....whatever.dk...
00a0: 04 03 00 01 02 00 0a 00 16 00 14 00 1d 00 17 00 ................
00b0: 1e 00 19 00 18 01 00 01 01 01 02 01 03 01 04 00 ................
00c0: 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e ......h2.http/1.
00d0: 31 00 16 00 00 00 17 00 00 00 31 00 00 00 0d 00 1.........1.....
00e0: 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 *.(.............
00f0: 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 ................
0100: 03 03 01 03 02 04 02 05 02 06 02 00 2b 00 09 08 ............+...
0110: 03 04 03 03 03 02 03 01 00 2d 00 02 01 01 00 33 .........-.....3
0120: 00 26 00 24 00 1d 00 20 8d 01 2d 4f 2c 1d b3 c0 .&.$... ..-O,...
0130: e2 7c f6 2d b0 5c 68 dc ed d7 e1 1b 5c 24 ed cc .|.-.\h.....\$..
0140: bc 2f f1 a4 c4 9b 6d 2a 00 15 00 b4 00 00 00 00 ./....m*........
0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
== Info: Recv failure: Connection reset by peer
== Info: OpenSSL SSL_connect: Connection reset by peer in connection to whatever.dk:443
== Info: multi_done[CONNECTING]: status: 35 prem: 1 done: 0
== Info: multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0
== Info: Curl_disconnect(conn #0, aborted=1)
== Info: closing connection #0
== Info: [CCACHE] closing #0
== Info: Curl_multi_closed, fd=5 multi is 0x2a06fbc67000
== Info: Curl_multi_closed, fd=5 entry is (nil)
== Info: Expire cleared

I also tried debugging with

Code:

curl https://whatever.dk/drupal10 --trace -

:

Markdown (GitHub flavored):

`# curl https://whatever.dk/drupal10 --trace -`

```text

== Info: !!! WARNING !!!
== Info: This is a debug build of libcurl, do not use in production.
== Info: STATE: INIT => SETUP handle 0x2a06fbcc8800; line 1878
== Info: STATE: SETUP => CONNECT handle 0x2a06fbcc8800; line 1894
== Info: Added connection 0. The cache now contains 1 members
== Info: STATE: CONNECT => RESOLVING handle 0x2a06fbcc8800; line 1919
== Info: Curl_multi_closed, fd=5 multi is 0x2a06fbc67000
== Info: Curl_multi_closed, fd=5 entry is 0x2a06fbc211e0
== Info: Host whatever.dk:443 was resolved.
== Info: IPv6: (none)
== Info: IPv4: 192.168.1.31
== Info: STATE: RESOLVING => CONNECTING handle 0x2a06fbcc8800; line 1999
== Info:   Trying 192.168.1.31:443...
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00                                  .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 12 94 c0 8e 85 7a 73 c6 cf e3 ...........zs...
0010: 81 cd ef 5f 0d 51 9b 8c 58 f7 1c a6 b8 d9 2a 84 ..._.Q..X.....*.
0020: 94 1c 8e c6 67 b5 20 f3 a8 2c 72 8f 51 3c c3 ec ....g. ..,r.Q<..
0030: 28 0f cb 4a 45 38 5e 4b 7d 6d c3 cd bf 96 5a ef (..JE8^K}m....Z.
0040: cb a9 af 9c 69 93 0f 00 3e 13 02 13 03 13 01 c0 ....i...>.......
0050: 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 ,.0.........+./.
0060: 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 ..$.(.k.#.'.g...
0070: 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 ..9.....3.....=.
0080: 3c 00 35 00 2f 00 ff 01 00 01 75 00 00 00 0e 00 <.5./.....u.....
0090: 0c 00 00 09 6a 74 68 65 69 6c 2e 64 6b 00 0b 00 ....whatever.dk...
00a0: 04 03 00 01 02 00 0a 00 16 00 14 00 1d 00 17 00 ................
00b0: 1e 00 19 00 18 01 00 01 01 01 02 01 03 01 04 00 ................
00c0: 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e ......h2.http/1.
00d0: 31 00 16 00 00 00 17 00 00 00 31 00 00 00 0d 00 1.........1.....
00e0: 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 *.(.............
00f0: 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 ................
0100: 03 03 01 03 02 04 02 05 02 06 02 00 2b 00 09 08 ............+...
0110: 03 04 03 03 03 02 03 01 00 2d 00 02 01 01 00 33 .........-.....3
0120: 00 26 00 24 00 1d 00 20 8d 01 2d 4f 2c 1d b3 c0 .&.$... ..-O,...
0130: e2 7c f6 2d b0 5c 68 dc ed d7 e1 1b 5c 24 ed cc .|.-.\h.....\$..
0140: bc 2f f1 a4 c4 9b 6d 2a 00 15 00 b4 00 00 00 00 ./....m*........
0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
== Info: Recv failure: Connection reset by peer
== Info: OpenSSL SSL_connect: Connection reset by peer in connection to whatever.dk:443
== Info: multi_done[CONNECTING]: status: 35 prem: 1 done: 0
== Info: multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0
== Info: Curl_disconnect(conn #0, aborted=1)
== Info: closing connection #0
== Info: [CCACHE] closing #0
== Info: Curl_multi_closed, fd=5 multi is 0x2a06fbc67000
== Info: Curl_multi_closed, fd=5 entry is (nil)
== Info: Expire cleared

I have no clue of what is going on and any help will be very much appreciated

VladiBG · Saturday at 6:40 PM

Check if your date/clock is correct.

 

openssl s_client -connect example.org:443

jontheil · Saturday at 6:43 PM

VladiBG said:
Check if your date/clock is correct.

openssl s_client -connect example.org:443

Code:

date

Right now it says

Code:

Sat Nov  2 19:41:54 CET 2024

jontheil · Saturday at 7:16 PM

One more strange behaviour.

If I run the command

Code:

openssl s_client -connect whatever.dk:443

several times after another, I get the error, but occasional it succeeds. As I said, I have no clue whatsoever.

jontheil · Sunday at 8:52 AM

VladiBG said:
Check if your date/clock is correct.

openssl s_client -connect example.org:443

What exactly could be wrong with my time setting? I am running ntpd and I use a pfSense box as time server. As far as I can see, the time I accurate within milliseconds.

covacat · Sunday at 8:59 AM

a (very) wrong system time might be outside the cert validity range, thats why it matters

jontheil · Sunday at 9:05 AM

covacat said:
a (very) wrong system time might be outside the cert validity range, thats why it matters

I couple a minutes ago, I ran

Code:

date

and it showed

Code:

Sun Nov  3 10:03:40 CET 2024

jontheil · Sunday at 9:09 AM

The error message I don't understand is this:

Code:

00208105423F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:/usr/src/crypto/openssl/ssl/record/rec_layer_s3.c:308:

covacat · Sunday at 9:28 AM

looks like apaches end connection abruptly dies.
does the test url work on http (without ssl) ?

jontheil · Sunday at 9:43 AM

covacat said:
looks like apaches end connection abruptly dies.
does the test url work on http (without ssl) ?

I don't know how to test that. All my sites are configured to redirect to https. Like in this example:

Code:

<VirtualHost *:80>
    Redirect permanent / https://whatever.dk/
    ServerName whatever.dk
</VirtualHost>

VladiBG · Sunday at 10:06 AM

Yes this is the right way to redirect when you have root privileges on the host. For virtual hosting when you have only access to .htaccess then you use mod_rewrite to create redirect rules.

You didn't post the output of the openssl s_client -connect example.org:443
What error you get?
When you host time is before or after the validity of the certificate it will give you error for invalid certificate that's why i ask if your clock is correct. We already eliminate this possibility.
Are you using ports or pkgs?
What's the output of pkg prime-origins
openssl version -a
pkg ver | grep ssl

Edit:
is whatever.dk your domain? It look like it's using web firewall from simply.com

jontheil · Sunday at 10:22 PM

I will run into limititions of fhe length og my answer, som I have made som attacments.

 # openssl s_client -connect example.org:443[\CMD]



Generally I build with

[CMD]portmaster

but I am moving to poudriere.
# pkg prime-origins
graphics/GraphicsMagick
graphics/ImageMagick7
math/R
math/R-cran-Deriv
math/R-cran-SparseM
math/R-cran-car
graphics/R-cran-cowplot
devel/R-cran-data.table
math/R-cran-doBy
graphics/R-cran-ggplot2
math/R-cran-haven
textproc/R-cran-hunspell
devel/R-cran-microbenchmark
textproc/R-cran-writexl
www/UniversalFeedCreator
editors/aee
mail/amavis-logwatch
security/amavisd-new
www/mod_fcgid
www/mod_maxminddb
www/mod_perl2
www/mod_security
www/mod_wsgi4
www/apache24
devel/apr1
archivers/arc
devel/argparse
archivers/arj
net/arping
devel/astyle
net/avahi-app
www/awstats
www/baikal
x11-fonts/bdftopcf
sysutils/beats7
audio/beep
devel/binutils
devel/bison
x11-fonts/bitstream-vera
devel/boost-libs
ports-mgmt/bsdadminscripts2
sysutils/bsdstats
security/ca_root_nss
archivers/cabextract
textproc/catdoc
devel/ccache-static
devel/check
net-mgmt/check_ipmi_sensor
net-mgmt/check_logfiles
net-mgmt/chronograf
security/clamav
lang/cling
devel/cmake-core
misc/compat11x
security/cracklib
print/cups
print/cups-bjnp
ftp/curl
security/cyrus-sasl2
misc/freebsd-doc-da
www/davical
databases/db5
devel/dbus
devel/dbus-glib
x11-fonts/dejavu
misc/delay
ports-mgmt/dialog4ports
textproc/diffutils
textproc/docbook
textproc/docbook-sgml
textproc/docbook-xsl
www/dokuwiki
mail/dovecot-pigeonhole
www/drupal10
www/drupal7
www/elinks
lang/elixir
editors/emacs
www/encode-explorer
x11-fonts/encodings
graphics/exif
textproc/expat2
sysutils/ezjail
math/fftw3
sysutils/file
www/flat-frog
x11-fonts/font-bh-ttf
x11-fonts/font-misc-ethiopic
x11-fonts/font-misc-meltho
x11-fonts/font-util
x11-fonts/fontconfig
print/fpdf
graphics/freeimage
print/freetype2
converters/fribidi
sysutils/fusefs-ntfs
lang/gcc12
lang/gcc6-aux
graphics/gdal
databases/gdbm
graphics/gdchart
net/geoipupdate
net-mgmt/geom-exporter
graphics/geoserver
devel/gettext
graphics/giflib
devel/git
devel/git-extras
devel/git-subrepo
devel/gitaly
www/gitea
www/gitlab
devel/gitui
devel/glib20
devel/glibmm
devel/gmake
math/gmp
sysutils/gnome_subr
security/gnupg
security/gnutls
sysutils/goaccess
devel/gobject-introspection
sysutils/gotop
devel/gperf
www/grafana9
graphics/graphite2
devel/grpc
print/gsfonts
misc/hicolor-icon-theme
devel/hs-haskell-language-server
textproc/hs-pandoc
sysutils/htop
graphics/iccxml
net-mgmt/icinga-php-library
net-mgmt/icinga-php-thirdparty
net-mgmt/icingaweb2-module-businessprocess
net-mgmt/icingaweb2-module-cube
net-mgmt/icingaweb2-module-director
net-mgmt/icingaweb2-module-generictts
net-mgmt/icingaweb2-module-grafana
net-mgmt/icingaweb2-module-graphite
net-mgmt/icingaweb2-module-incubator
net-mgmt/icingaweb2-module-map
net-mgmt/icingaweb2-module-reactbundle
net-mgmt/icingaweb2-module-vsphere
converters/iconv
devel/icu
print/indexinfo
databases/influxdb
textproc/intltool
benchmarks/iperf
benchmarks/iperf3
sysutils/ipmitool
misc/iso-codes
textproc/iso8879
graphics/jasper
graphics/jbig2dec
graphics/jbigkit
devel/jna
www/joomla4
graphics/jpeg-turbo
textproc/kibana8
www/kohana
security/krb5
graphics/lcms
graphics/lcms2
sysutils/ldap-account-manager
archivers/lha
x11/libICE
x11/libSM
x11/libXau
x11-toolkits/libXaw
x11/libXcomposite
x11/libXcursor
math/gmp
sysutils/gnome_subr
security/gnupg
security/gnutls
sysutils/goaccess
devel/gobject-introspection
sysutils/gotop
devel/gperf
www/grafana9
graphics/graphite2
devel/grpc
print/gsfonts
misc/hicolor-icon-theme
devel/hs-haskell-language-server
textproc/hs-pandoc
sysutils/htop
graphics/iccxml
net-mgmt/icinga-php-library
net-mgmt/icinga-php-thirdparty
net-mgmt/icingaweb2-module-businessprocess
net-mgmt/icingaweb2-module-cube
net-mgmt/icingaweb2-module-director
net-mgmt/icingaweb2-module-generictts
net-mgmt/icingaweb2-module-grafana
net-mgmt/icingaweb2-module-graphite
net-mgmt/icingaweb2-module-incubator
net-mgmt/icingaweb2-module-map
net-mgmt/icingaweb2-module-reactbundle
net-mgmt/icingaweb2-module-vsphere
converters/iconv
devel/icu
print/indexinfo
databases/influxdb
textproc/intltool
benchmarks/iperf
benchmarks/iperf3
sysutils/ipmitool
misc/iso-codes
textproc/iso8879
graphics/jasper
graphics/jbig2dec
graphics/jbigkit
devel/jna
www/joomla4
graphics/jpeg-turbo
textproc/kibana8
www/kohana
security/krb5
graphics/lcms
graphics/lcms2
sysutils/ldap-account-manager
archivers/lha
x11/libICE
x11/libSM
x11/libXau
x11-toolkits/libXaw
x11/libXcomposite
x11/libXcursor
sysutils/logwatch
textproc/lowdown
sysutils/lscpu
sysutils/lsof
lang/lua52
lang/lua53
archivers/lzo2
archivers/lzop
devel/m4
graphics/mapcache
graphics/mapserver
databases/mariadb105-server
textproc/markdown
www/mattermost-server
misc/mc
math/mdal
x11-fonts/mkfontscale
www/moinmoin
www/moinmoincli
databases/mongodb60
sysutils/monit
net/mosquitto
net/mpd5
net-mgmt/mrtg
databases/mtop
mail/mutt
finance/myphpmoney
net-mgmt/mysqld_exporter
textproc/mysqlviz
net-mgmt/nagios-check_cpu_usage
net-mgmt/nagios-check_hdd_health
net-mgmt/nagios-check_ports
net-mgmt/nagios-check_postgres
net-mgmt/nagios-check_zpools
net-mgmt/nagios-openldap-plugins
net-mgmt/nagios-plugins
net-mgmt/nagios-snmp-plugins
net-mgmt/nagios-snmp-plugins-extras
net-mgmt/nagios4
sysutils/ncdu
devel/ncurses
editors/neovim
net-mgmt/netdisco
net-mgmt/netdisco-mibs
security/nettle
www/nextcloud-appointments
www/nextcloud-calendar
www/nextcloud-contacts
www/nextcloud-deck
www/nextcloud-forms
www/nextcloud-groupfolders
www/nextcloud-notes
www/nextcloud
www/nextcloud-tasks
net-mgmt/nfs-exporter
net/nifmon
math/nlopt
security/nmap
sysutils/node_exporter
net/nss-pam-ldapd
net/onedrive
devel/oniguruma
www/onlyoffice-documentserver
math/openblas
mail/opendkim
mail/opendmarc
misc/openhab
misc/openhab-addons
graphics/openjpeg
net/openldap26-client
net/openldap26-server
net/openradius
textproc/opensearch
textproc/opensearch-dashboards
security/openssl
security/p11-kit
security/p5-Apache-Htpasswd
security/p5-Crypt-OpenSSL-Random
databases/p5-DBD-Pg
databases/p5-DBI
mail/p5-Email-Date-Format
mail/p5-Email-MIME
mail/p5-Email-MIME-ContentType
mail/p5-Email-Simple
converters/p5-Encode-compat
textproc/p5-Excel-Writer-XLSX
www/p5-FCGI
devel/p5-File-Copy-Recursive
graphics/p5-GD-Graph
graphics/p5-GD-TextUtil
net/p5-GeoIP2
www/p5-HTML-Parser
www/p5-HTML-Tagset
textproc/p5-Lingua-EN-Sentence
devel/p5-Locale-Msgfmt
mail/p5-Mail-Mbox-MessageParser
devel/p5-Term-ReadKey
textproc/p5-Text-Extract-Word
x11-toolkits/p5-Tk
devel/p5-Type-Tiny
textproc/p5-XML-LibXML
textproc/p5-XML-LibXSLT
textproc/p5-YAML
security/pam_mkhomedir
x11-toolkits/pango
misc/pciids
devel/pcre
devel/pcre2
math/pdal
print/pdflib
lang/perl5.36
net-mgmt/php-fpm_exporter
math/php82-bcmath
archivers/php82-bz2
misc/php82-calendar
devel/php-composer
textproc/php82-ctype
ftp/php82-curl
www/dddbl
textproc/php82-dom
graphics/php82-exif
sysutils/php82-fileinfo
security/php82-filter
graphics/php82-gd
devel/php82-gettext
math/php82-gmp
converters/php82-iconv
mail/php82-imap
devel/php82-intl
www/kanboard
net/php82-ldap
devel/php-libawl
databases/php82-mysqli
www/php82-opcache
devel/php82-pcntl
databases/php82-pdo
databases/php82-pdo_mysql
databases/php82-pdo_pgsql
databases/php82-pdo_sqlite
devel/pear
security/pear-Auth
security/pear-Auth_SASL
devel/pear-Date
math/pear-Math_BigInteger
dns/pear-Net_DNS2
net/pear-Net_SMTP
net/pear-Net_Sieve
net/pear-Net_Socket
devel/pear-XML_Parser
devel/pear-XML_Serializer
devel/pear-XML_Util
devel/pear-channel-horde
devel/pecl-APCu
math/pecl-bitset
converters/pecl-igbinary
graphics/pecl-imagick
security/pecl-mcrypt
databases/pecl-memcache
databases/pecl-memcached
databases/pecl-mongodb
databases/pecl-redis
www/pecl-solr
security/pecl-ssh2
devel/pecl-xdebug
databases/php82-pgsql
archivers/php82-phar
sysutils/php82-posix
textproc/php82-pspell
textproc/php82-simplexml
net-mgmt/php82-snmp
net/php82-soap
net/php82-sockets
security/php82-sodium
databases/php82-sqlite3
devel/php82-sysvsem
devel/php82-tokenizer
textproc/php82-xml
textproc/php82-xmlreader
textproc/php82-xmlwriter
textproc/php82-xsl
archivers/php82-zip
archivers/php82-zlib
databases/phpliteadmin
databases/phpmyadmin5
www/phpbb3
net/phpldapadmin
mail/phpmailer
databases/phppgadmin
www/phpsysinfo
sysutils/pidof
archivers/pigz
x11/pixman
ports-mgmt/pkg
ports-mgmt/pkg_cutleaves
ports-mgmt/pkg_rmleaves
ports-mgmt/pkg_tree
devel/pkgconf
multimedia/plexmediaserver
multimedia/plexmediaserver-plexpass
www/pmwiki
www/pnews
graphics/png
graphics/poppler-data
devel/popt
ports-mgmt/portdowngrade
ports-mgmt/portmaster
ports-mgmt/porttree
ports-mgmt/portupgrade
mail/postfinger
mail/postfix
mail/postfix-logwatch
mail/postfix-policyd-spf-perl
mail/postfixadmin
databases/postgis34
databases/postgresql16-server
ports-mgmt/poudriere-devel
net-mgmt/prometheus2
databases/prometheus-postgres-exporter
devel/protobuf
devel/pth
dns/public_suffix_list
www/punbb
ftp/pure-ftpd
sysutils/pwgen
devel/py-Automat
devel/py-babel
textproc/py-CommonMark
graphics/py-fiona
www/py-flask-admin
graphics/py-OWSLib
textproc/py-pyhamcrest
textproc/py-xlsxwriter
textproc/py-pyhamcrest
textproc/py-xlsxwriter
textproc/py-accessible-pygments
security/py-acme
math/py-affine
devel/py-aiofiles
www/py-aiohttp
databases/py-aiosqlite
devel/py-appdirs
devel/py-argcomplete
devel/py-arrow
www/py-asgiref
devel/py-asn1crypto
devel/py-astroid
devel/py-asttokens
devel/py-async-lru
devel/py-async_timeout
textproc/py-autopep8
devel/py-backcall
security/py-bcrypt
www/py-beaker
devel/py-beniget
devel/py-black
www/py-bleach
math/py-bottleneck
www/py-branca
devel/py-breathe
archivers/py-brotli
devel/py-cachetools
graphics/py-cairo
security/py-certbot
devel/py-cftime
textproc/py-chardet
devel/py-cheetah3
devel/py-cleo
devel/py-cloudpickle
textproc/py-colorclass
devel/py-comm
devel/py-constantly
math/py-contourpy
devel/py-country
devel/py-cppy
devel/py-curio
devel/py-cycler
lang/cython
devel/py-dbus
devel/py-ddt
devel/py-debugpy
devel/py-defusedxml
devel/py-deprecation
devel/py-dill
devel/py-distlib
textproc/py-docstring-to-markdown
textproc/py-docx2txt
devel/py-dulwich
x11-toolkits/py-easygui
devel/py-editables
textproc/py-elasticsearch
textproc/py-elasticsearch-dsl
devel/py-entrypoints
textproc/py-et_xmlfile
devel/py-evdev
devel/py-exceptiongroup
security/py-fail2ban
devel/py-fastjsonschema
www/py-feedgenerator
sysutils/py-filelock
devel/py-flake8
devel/py-flit
www/py-folium
print/py-fonttools
www/py-fqdn
devel/py-geojson
graphics/py-geopandas
textproc/py-gi-docgen
devel/py-gitdb
devel/py-gitpython
devel/py-gobject3
devel/py-google-i18n-address
devel/py-greenlet
www/py-gunicorn
devel/py-hatch-jupyter-builder
devel/py-hatch-nodejs-version
www/py-httplib2
www/py-hyperlink
graphics/py-imageio
devel/py-importlib-metadata
databases/py-influxdb
devel/py-intervaltree
devel/py-ipykernel
devel/py-ipython_genutils
devel/py-ipywidgets
devel/py-iso8601
devel/py-isort
textproc/py-jarowinkler
devel/py-jdcal
devel/py-joblib
devel/py-jupyter
devel/py-jupyter-kernel-test
devel/py-jupyter-server-fileid
devel/py-jupyter-server-mathjax
textproc/py-jupyter_sphinx
devel/py-jupyter-telemetry
devel/py-jupyter-ydoc
devel/py-jupyter_console
devel/py-jupyterlab-lsp
devel/py-jupyterlab_launcher
devel/py-kitchen
devel/py-lazy-object-proxy
net/py-ldap0
textproc/py-libxml2
www/py-livereload
devel/py-llvmlite
textproc/py-mako
devel/py-msgpack
devel/py-nbdime
textproc/py-openpyxl
devel/py-ordered-set
math/py-pandas
devel/py-pdm-backend
www/py-pelican
devel/py-pyelftools
textproc/py-pyexcel
editors/py-pynvim
devel/py-pyright
textproc/py-python-lsp-server
devel/py-pyudev
math/py-pywavelets
textproc/py-recommonmark
science/py-scipy
devel/py-setuptools-pkg
textproc/py-smartypants
devel/py-smmap
textproc/py-sphinx-design
textproc/py-sphinx-markdown-tables
databases/py-sqlparse
sysutils/py-supervisor
textproc/py-toml
textproc/py-typogrify
security/py-vici
devel/py-wrapt
textproc/py-xlrd
textproc/py-xlwt
textproc/xml2rfc
emulators/qemu-user-static-devel
databases/qt5-sqldrivers-pgsql
net/rabbitmq
net/rclone
devel/readline
databases/redis_exporter
sysutils/rename
textproc/ripole
devel/root
mail/roundcube-contextmenu
mail/roundcube-identity_smtp
mail/roundcube-larry
mail/roundcube
net-mgmt/routers2
net-mgmt/routers2-extras
databases/rrdtool
net/rsync
databases/ruby-bdb
devel/rubygem-grape
lang/rust
www/sabredav
net/samba419
devel/scons
net/scr_ipfm
devel/sdl12
www/shellinabox
devel/sigar
sysutils/smartmontools
mail/spamassassin
mail/spamd
textproc/sphinxsearch
databases/sqlitemanager
security/strongswan
security/sudo
graphics/svgalib
devel/swig
sysutils/symlinks
net/syncthing
sysutils/sysinfo
sysutils/syslog-ng
devel/t1lib
net-mgmt/telegraf
www/templatelite
graphics/tesseract-data
security/testssl.sh
print/tex-ptexenc
print/texlive-texmf
ftp/tftp-hpa
graphics/tiff
www/tikiwiki
www/tinymce
sysutils/tmux
sysutils/tmux-mem-cpu-load
emulators/tpm-emulator
security/tpm2-tss
sysutils/tree
security/trousers
www/twiki
www/twiki-BehaviourContrib
www/twiki-BlogAddOn
www/twiki-BugzillaLinkPlugin
www/twiki-ClassicSkin
www/twiki-CommentPlugin
www/twiki-EditTablePlugin
www/twiki-EmptyPlugin
www/twiki-GluePlugin
www/twiki-InterwikiPlugin
www/twiki-JSCalendarContrib
www/twiki-MailerContrib
www/twiki-NewUserPlugin
www/twiki-PatternSkin
www/twiki-PreferencesPlugin
www/twiki-RenderListPlugin
www/twiki-SlideShowPlugin
www/twiki-SmiliesPlugin
www/twiki-SpreadSheetPlugin
www/twiki-SubscribePlugin
www/twiki-TWikiUserMappingContrib
www/twiki-TablePlugin
www/twiki-TagMePlugin
www/twiki-TinyMCEPlugin
www/twiki-TipsContrib
www/twiki-TopicVarsPlugin
www/twiki-TwistyContrib
www/twiki-TwistyPlugin
www/twiki-WysiwygPlugin
sysutils/u-boot-rock-pi-4
sysutils/u-boot-tools
dns/unbound
net-mgmt/unifi8
archivers/unrar
archivers/unzip
archivers/unzoo
sysutils/uptimed
lang/v8
www/varnish7
graphics/vips
net/wakeonlan
www/webgrind
sysutils/webmin
graphics/webp
ftp/wget
converters/wkhtmltopdf
net/wol
x11/xcb-util
x11/xcb-util-renderutil
devel/xeus-cling
textproc/xmlcatmgr
textproc/xmlcharent
x11-fonts/xorg-fonts-truetype
devel/xorg-macros
x11/xorgproto
math/xtensor
math/xtensor-io
x11/xtrans
net-mgmt/zabbix7-agent
net-mgmt/zabbix7-frontend
net-mgmt/zabbix7-server
sysutils/zfs-periodic
archivers/zoo
archivers/zstd

jontheil · Sunday at 10:23 PM

jontheil said:
I will run into limititions of fhe length og my answer, som I have made som attacments.

# openssl s_client -connect example.org:443[\CMD] Generally I build with [CMD]portmaster, but I am moving to poudriere.
# pkg prime-origins
graphics/GraphicsMagick
graphics/ImageMagick7
math/R
math/R-cran-Deriv
math/R-cran-SparseM
math/R-cran-car
graphics/R-cran-cowplot
devel/R-cran-data.table
math/R-cran-doBy
graphics/R-cran-ggplot2
math/R-cran-haven
textproc/R-cran-hunspell
devel/R-cran-microbenchmark
textproc/R-cran-writexl
www/UniversalFeedCreator
editors/aee
mail/amavis-logwatch
security/amavisd-new
www/mod_fcgid
www/mod_maxminddb
www/mod_perl2
www/mod_security
www/mod_wsgi4
www/apache24
devel/apr1
archivers/arc
devel/argparse
archivers/arj
net/arping
devel/astyle
net/avahi-app
www/awstats
www/baikal
x11-fonts/bdftopcf
sysutils/beats7
audio/beep
devel/binutils
devel/bison
x11-fonts/bitstream-vera
devel/boost-libs
ports-mgmt/bsdadminscripts2
sysutils/bsdstats
security/ca_root_nss
archivers/cabextract
textproc/catdoc
devel/ccache-static
devel/check
net-mgmt/check_ipmi_sensor
net-mgmt/check_logfiles
net-mgmt/chronograf
security/clamav
lang/cling
devel/cmake-core
misc/compat11x
security/cracklib
print/cups
print/cups-bjnp
ftp/curl
security/cyrus-sasl2
misc/freebsd-doc-da
www/davical
databases/db5
devel/dbus
devel/dbus-glib
x11-fonts/dejavu
misc/delay
ports-mgmt/dialog4ports
textproc/diffutils
textproc/docbook
textproc/docbook-sgml
textproc/docbook-xsl
www/dokuwiki
mail/dovecot-pigeonhole
www/drupal10
www/drupal7
www/elinks
lang/elixir
editors/emacs
www/encode-explorer
x11-fonts/encodings
graphics/exif
textproc/expat2
sysutils/ezjail
math/fftw3
sysutils/file
www/flat-frog
x11-fonts/font-bh-ttf
x11-fonts/font-misc-ethiopic
x11-fonts/font-misc-meltho
x11-fonts/font-util
x11-fonts/fontconfig
print/fpdf
graphics/freeimage
print/freetype2
converters/fribidi
sysutils/fusefs-ntfs
lang/gcc12
lang/gcc6-aux
graphics/gdal
databases/gdbm
graphics/gdchart
net/geoipupdate
net-mgmt/geom-exporter
graphics/geoserver
devel/gettext
graphics/giflib
devel/git
devel/git-extras
devel/git-subrepo
devel/gitaly
www/gitea
www/gitlab
devel/gitui
devel/glib20
devel/glibmm
devel/gmake
math/gmp
sysutils/gnome_subr
security/gnupg
security/gnutls
sysutils/goaccess
devel/gobject-introspection
sysutils/gotop
devel/gperf
www/grafana9
graphics/graphite2
devel/grpc
print/gsfonts
misc/hicolor-icon-theme
devel/hs-haskell-language-server
textproc/hs-pandoc
sysutils/htop
graphics/iccxml
net-mgmt/icinga-php-library
net-mgmt/icinga-php-thirdparty
net-mgmt/icingaweb2-module-businessprocess
net-mgmt/icingaweb2-module-cube
net-mgmt/icingaweb2-module-director
net-mgmt/icingaweb2-module-generictts
net-mgmt/icingaweb2-module-grafana
net-mgmt/icingaweb2-module-graphite
net-mgmt/icingaweb2-module-incubator
net-mgmt/icingaweb2-module-map
net-mgmt/icingaweb2-module-reactbundle
net-mgmt/icingaweb2-module-vsphere
converters/iconv
devel/icu
print/indexinfo
databases/influxdb
textproc/intltool
benchmarks/iperf
benchmarks/iperf3
sysutils/ipmitool
misc/iso-codes
textproc/iso8879
graphics/jasper
graphics/jbig2dec
graphics/jbigkit
devel/jna
www/joomla4
graphics/jpeg-turbo
textproc/kibana8
www/kohana
security/krb5
graphics/lcms
graphics/lcms2
sysutils/ldap-account-manager
archivers/lha
x11/libICE
x11/libSM
x11/libXau
x11-toolkits/libXaw
x11/libXcomposite
x11/libXcursor
math/gmp
sysutils/gnome_subr
security/gnupg
security/gnutls
sysutils/goaccess
devel/gobject-introspection
sysutils/gotop
devel/gperf
www/grafana9
graphics/graphite2
devel/grpc
print/gsfonts
misc/hicolor-icon-theme
devel/hs-haskell-language-server
textproc/hs-pandoc
sysutils/htop
graphics/iccxml
net-mgmt/icinga-php-library
net-mgmt/icinga-php-thirdparty
net-mgmt/icingaweb2-module-businessprocess
net-mgmt/icingaweb2-module-cube
net-mgmt/icingaweb2-module-director
net-mgmt/icingaweb2-module-generictts
net-mgmt/icingaweb2-module-grafana
net-mgmt/icingaweb2-module-graphite
net-mgmt/icingaweb2-module-incubator
net-mgmt/icingaweb2-module-map
net-mgmt/icingaweb2-module-reactbundle
net-mgmt/icingaweb2-module-vsphere
converters/iconv
devel/icu
print/indexinfo
databases/influxdb
textproc/intltool
benchmarks/iperf
benchmarks/iperf3
sysutils/ipmitool
misc/iso-codes
textproc/iso8879
graphics/jasper
graphics/jbig2dec
graphics/jbigkit
devel/jna
www/joomla4
graphics/jpeg-turbo
textproc/kibana8
www/kohana
security/krb5
graphics/lcms
graphics/lcms2
sysutils/ldap-account-manager
archivers/lha
x11/libICE
x11/libSM
x11/libXau
x11-toolkits/libXaw
x11/libXcomposite
x11/libXcursor
sysutils/logwatch
textproc/lowdown
sysutils/lscpu
sysutils/lsof
lang/lua52
lang/lua53
archivers/lzo2
archivers/lzop
devel/m4
graphics/mapcache
graphics/mapserver
databases/mariadb105-server
textproc/markdown
www/mattermost-server
misc/mc
math/mdal
x11-fonts/mkfontscale
www/moinmoin
www/moinmoincli
databases/mongodb60
sysutils/monit
net/mosquitto
net/mpd5
net-mgmt/mrtg
databases/mtop
mail/mutt
finance/myphpmoney
net-mgmt/mysqld_exporter
textproc/mysqlviz
net-mgmt/nagios-check_cpu_usage
net-mgmt/nagios-check_hdd_health
net-mgmt/nagios-check_ports
net-mgmt/nagios-check_postgres
net-mgmt/nagios-check_zpools
net-mgmt/nagios-openldap-plugins
net-mgmt/nagios-plugins
net-mgmt/nagios-snmp-plugins
net-mgmt/nagios-snmp-plugins-extras
net-mgmt/nagios4
sysutils/ncdu
devel/ncurses
editors/neovim
net-mgmt/netdisco
net-mgmt/netdisco-mibs
security/nettle
www/nextcloud-appointments
www/nextcloud-calendar
www/nextcloud-contacts
www/nextcloud-deck
www/nextcloud-forms
www/nextcloud-groupfolders
www/nextcloud-notes
www/nextcloud
www/nextcloud-tasks
net-mgmt/nfs-exporter
net/nifmon
math/nlopt
security/nmap
sysutils/node_exporter
net/nss-pam-ldapd
net/onedrive
devel/oniguruma
www/onlyoffice-documentserver
math/openblas
mail/opendkim
mail/opendmarc
misc/openhab
misc/openhab-addons
graphics/openjpeg
net/openldap26-client
net/openldap26-server
net/openradius
textproc/opensearch
textproc/opensearch-dashboards
security/openssl
security/p11-kit
security/p5-Apache-Htpasswd
security/p5-Crypt-OpenSSL-Random
databases/p5-DBD-Pg
databases/p5-DBI
mail/p5-Email-Date-Format
mail/p5-Email-MIME
mail/p5-Email-MIME-ContentType
mail/p5-Email-Simple
converters/p5-Encode-compat
textproc/p5-Excel-Writer-XLSX
www/p5-FCGI
devel/p5-File-Copy-Recursive
graphics/p5-GD-Graph
graphics/p5-GD-TextUtil
net/p5-GeoIP2
www/p5-HTML-Parser
www/p5-HTML-Tagset
textproc/p5-Lingua-EN-Sentence
devel/p5-Locale-Msgfmt
mail/p5-Mail-Mbox-MessageParser
devel/p5-Term-ReadKey
textproc/p5-Text-Extract-Word
x11-toolkits/p5-Tk
devel/p5-Type-Tiny
textproc/p5-XML-LibXML
textproc/p5-XML-LibXSLT
textproc/p5-YAML
security/pam_mkhomedir
x11-toolkits/pango
misc/pciids
devel/pcre
devel/pcre2
math/pdal
print/pdflib
lang/perl5.36
net-mgmt/php-fpm_exporter
math/php82-bcmath
archivers/php82-bz2
misc/php82-calendar
devel/php-composer
textproc/php82-ctype
ftp/php82-curl
www/dddbl
textproc/php82-dom
graphics/php82-exif
sysutils/php82-fileinfo
security/php82-filter
graphics/php82-gd
devel/php82-gettext
math/php82-gmp
converters/php82-iconv
mail/php82-imap
devel/php82-intl
www/kanboard
net/php82-ldap
devel/php-libawl
databases/php82-mysqli
www/php82-opcache
devel/php82-pcntl
databases/php82-pdo
databases/php82-pdo_mysql
databases/php82-pdo_pgsql
databases/php82-pdo_sqlite
devel/pear
security/pear-Auth
security/pear-Auth_SASL
devel/pear-Date
math/pear-Math_BigInteger
dns/pear-Net_DNS2
net/pear-Net_SMTP
net/pear-Net_Sieve
net/pear-Net_Socket
devel/pear-XML_Parser
devel/pear-XML_Serializer
devel/pear-XML_Util
devel/pear-channel-horde
devel/pecl-APCu
math/pecl-bitset
converters/pecl-igbinary
graphics/pecl-imagick
security/pecl-mcrypt
databases/pecl-memcache
databases/pecl-memcached
databases/pecl-mongodb
databases/pecl-redis
www/pecl-solr
security/pecl-ssh2
devel/pecl-xdebug
databases/php82-pgsql
archivers/php82-phar
sysutils/php82-posix
textproc/php82-pspell
textproc/php82-simplexml
net-mgmt/php82-snmp
net/php82-soap
net/php82-sockets
security/php82-sodium
databases/php82-sqlite3
devel/php82-sysvsem
devel/php82-tokenizer
textproc/php82-xml
textproc/php82-xmlreader
textproc/php82-xmlwriter
textproc/php82-xsl
archivers/php82-zip
archivers/php82-zlib
databases/phpliteadmin
databases/phpmyadmin5
www/phpbb3
net/phpldapadmin
mail/phpmailer
databases/phppgadmin
www/phpsysinfo
sysutils/pidof
archivers/pigz
x11/pixman
ports-mgmt/pkg
ports-mgmt/pkg_cutleaves
ports-mgmt/pkg_rmleaves
ports-mgmt/pkg_tree
devel/pkgconf
multimedia/plexmediaserver
multimedia/plexmediaserver-plexpass
www/pmwiki
www/pnews
graphics/png
graphics/poppler-data
devel/popt
ports-mgmt/portdowngrade
ports-mgmt/portmaster
ports-mgmt/porttree
ports-mgmt/portupgrade
mail/postfinger
mail/postfix
mail/postfix-logwatch
mail/postfix-policyd-spf-perl
mail/postfixadmin
databases/postgis34
databases/postgresql16-server
ports-mgmt/poudriere-devel
net-mgmt/prometheus2
databases/prometheus-postgres-exporter
devel/protobuf
devel/pth
dns/public_suffix_list
www/punbb
ftp/pure-ftpd
sysutils/pwgen
devel/py-Automat
devel/py-babel
textproc/py-CommonMark
graphics/py-fiona
www/py-flask-admin
graphics/py-OWSLib
textproc/py-pyhamcrest
textproc/py-xlsxwriter
textproc/py-pyhamcrest
textproc/py-xlsxwriter
textproc/py-accessible-pygments
security/py-acme
math/py-affine
devel/py-aiofiles
www/py-aiohttp
databases/py-aiosqlite
devel/py-appdirs
devel/py-argcomplete
devel/py-arrow
www/py-asgiref
devel/py-asn1crypto
devel/py-astroid
devel/py-asttokens
devel/py-async-lru
devel/py-async_timeout
textproc/py-autopep8
devel/py-backcall
security/py-bcrypt
www/py-beaker
devel/py-beniget
devel/py-black
www/py-bleach
math/py-bottleneck
www/py-branca
devel/py-breathe
archivers/py-brotli
devel/py-cachetools
graphics/py-cairo
security/py-certbot
devel/py-cftime
textproc/py-chardet
devel/py-cheetah3
devel/py-cleo
devel/py-cloudpickle
textproc/py-colorclass
devel/py-comm
devel/py-constantly
math/py-contourpy
devel/py-country
devel/py-cppy
devel/py-curio
devel/py-cycler
lang/cython
devel/py-dbus
devel/py-ddt
devel/py-debugpy
devel/py-defusedxml
devel/py-deprecation
devel/py-dill
devel/py-distlib
textproc/py-docstring-to-markdown
textproc/py-docx2txt
devel/py-dulwich
x11-toolkits/py-easygui
devel/py-editables
textproc/py-elasticsearch
textproc/py-elasticsearch-dsl
devel/py-entrypoints
textproc/py-et_xmlfile
devel/py-evdev
devel/py-exceptiongroup
security/py-fail2ban
devel/py-fastjsonschema
www/py-feedgenerator
sysutils/py-filelock
devel/py-flake8
devel/py-flit
www/py-folium
print/py-fonttools
www/py-fqdn
devel/py-geojson
graphics/py-geopandas
textproc/py-gi-docgen
devel/py-gitdb
devel/py-gitpython
devel/py-gobject3
devel/py-google-i18n-address
devel/py-greenlet
www/py-gunicorn
devel/py-hatch-jupyter-builder
devel/py-hatch-nodejs-version
www/py-httplib2
www/py-hyperlink
graphics/py-imageio
devel/py-importlib-metadata
databases/py-influxdb
devel/py-intervaltree
devel/py-ipykernel
devel/py-ipython_genutils
devel/py-ipywidgets
devel/py-iso8601
devel/py-isort
textproc/py-jarowinkler
devel/py-jdcal
devel/py-joblib
devel/py-jupyter
devel/py-jupyter-kernel-test
devel/py-jupyter-server-fileid
devel/py-jupyter-server-mathjax
textproc/py-jupyter_sphinx
devel/py-jupyter-telemetry
devel/py-jupyter-ydoc
devel/py-jupyter_console
devel/py-jupyterlab-lsp
devel/py-jupyterlab_launcher
devel/py-kitchen
devel/py-lazy-object-proxy
net/py-ldap0
textproc/py-libxml2
www/py-livereload
devel/py-llvmlite
textproc/py-mako
devel/py-msgpack
devel/py-nbdime
textproc/py-openpyxl
devel/py-ordered-set
math/py-pandas
devel/py-pdm-backend
www/py-pelican
devel/py-pyelftools
textproc/py-pyexcel
editors/py-pynvim
devel/py-pyright
textproc/py-python-lsp-server
devel/py-pyudev
math/py-pywavelets
textproc/py-recommonmark
science/py-scipy
devel/py-setuptools-pkg
textproc/py-smartypants
devel/py-smmap
textproc/py-sphinx-design
textproc/py-sphinx-markdown-tables
databases/py-sqlparse
sysutils/py-supervisor
textproc/py-toml
textproc/py-typogrify
security/py-vici
devel/py-wrapt
textproc/py-xlrd
textproc/py-xlwt
textproc/xml2rfc
emulators/qemu-user-static-devel
databases/qt5-sqldrivers-pgsql
net/rabbitmq
net/rclone
devel/readline
databases/redis_exporter
sysutils/rename
textproc/ripole
devel/root
mail/roundcube-contextmenu
mail/roundcube-identity_smtp
mail/roundcube-larry
mail/roundcube
net-mgmt/routers2
net-mgmt/routers2-extras
databases/rrdtool
net/rsync
databases/ruby-bdb
devel/rubygem-grape
lang/rust
www/sabredav
net/samba419
devel/scons
net/scr_ipfm
devel/sdl12
www/shellinabox
devel/sigar
sysutils/smartmontools
mail/spamassassin
mail/spamd
textproc/sphinxsearch
databases/sqlitemanager
security/strongswan
security/sudo
graphics/svgalib
devel/swig
sysutils/symlinks
net/syncthing
sysutils/sysinfo
sysutils/syslog-ng
devel/t1lib
net-mgmt/telegraf
www/templatelite
graphics/tesseract-data
security/testssl.sh
print/tex-ptexenc
print/texlive-texmf
ftp/tftp-hpa
graphics/tiff
www/tikiwiki
www/tinymce
sysutils/tmux
sysutils/tmux-mem-cpu-load
emulators/tpm-emulator
security/tpm2-tss
sysutils/tree
security/trousers
www/twiki
www/twiki-BehaviourContrib
www/twiki-BlogAddOn
www/twiki-BugzillaLinkPlugin
www/twiki-ClassicSkin
www/twiki-CommentPlugin
www/twiki-EditTablePlugin
www/twiki-EmptyPlugin
www/twiki-GluePlugin
www/twiki-InterwikiPlugin
www/twiki-JSCalendarContrib
www/twiki-MailerContrib
www/twiki-NewUserPlugin
www/twiki-PatternSkin
www/twiki-PreferencesPlugin
www/twiki-RenderListPlugin
www/twiki-SlideShowPlugin
www/twiki-SmiliesPlugin
www/twiki-SpreadSheetPlugin
www/twiki-SubscribePlugin
www/twiki-TWikiUserMappingContrib
www/twiki-TablePlugin
www/twiki-TagMePlugin
www/twiki-TinyMCEPlugin
www/twiki-TipsContrib
www/twiki-TopicVarsPlugin
www/twiki-TwistyContrib
www/twiki-TwistyPlugin
www/twiki-WysiwygPlugin
sysutils/u-boot-rock-pi-4
sysutils/u-boot-tools
dns/unbound
net-mgmt/unifi8
archivers/unrar
archivers/unzip
archivers/unzoo
sysutils/uptimed
lang/v8
www/varnish7
graphics/vips
net/wakeonlan
www/webgrind
sysutils/webmin
graphics/webp
ftp/wget
converters/wkhtmltopdf
net/wol
x11/xcb-util
x11/xcb-util-renderutil
devel/xeus-cling
textproc/xmlcatmgr
textproc/xmlcharent
x11-fonts/xorg-fonts-truetype
devel/xorg-macros
x11/xorgproto
math/xtensor
math/xtensor-io
x11/xtrans
net-mgmt/zabbix7-agent
net-mgmt/zabbix7-frontend
net-mgmt/zabbix7-server
sysutils/zfs-periodic
archivers/zoo
archivers/zstd

jontheil · Sunday at 10:27 PM

Code:

# openssl version -a
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
built on: reproducible build, date unspecified
platform: FreeBSD-amd64
options:  bn(64,64)
compiler: clang
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/lib/engines-3"
MODULESDIR: "/usr/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0x1fbae3ffffebffff:0x0

jontheil · Sunday at 10:31 PM

Code:

# openssl s_client -connect example.org:443
CONNECTED(00000003)
---
Certificate chain
 0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
   i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 30 00:00:00 2024 GMT; NotAfter: Mar  1 23:59:59 2025 GMT
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHbjCCBlagAwIBAgIQB1vO8waJyK3fE+Ua9K/hhzANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MTMwMDAwMDAwWhcNMjUwMzAxMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMUIwQAYDVQQKDDlJ
bnRlcm5ldMKgQ29ycG9yYXRpb27CoGZvcsKgQXNzaWduZWTCoE5hbWVzwqBhbmTC
oE51bWJlcnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIaFD7sO+cpf2fXgCjIsM9mqDgcpqC8IrXi9wga/
9y0rpqcnPVOmTMNLsid3INbBVEm4CNr5cKlh9rJJnWlX2vttJDRyLkfwBD+dsVvi
vGYxWTLmqX6/1LDUZPVrynv/cltemtg/1Aay88jcj2ZaRoRmqBgVeacIzgU8+zmJ
7236TnFSe7fkoKSclsBhPaQKcE3Djs1uszJs8sdECQTdoFX9I6UgeLKFXtg7rRf/
hcW5dI0zubhXbrW8aWXbCzySVZn0c7RkJMpnTCiZzNxnPXnHFpwr5quqqjVyN/aB
KkjoP04Zmr+eRqoyk/+lslq0sS8eaYSSHbC5ja/yMWyVhvMCAwEAAaOCA/IwggPu
MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBRM/tAS
TS4hz2v68vK4TEkCHTGRijCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jnggtl
eGFtcGxlLm5ldIILZXhhbXBsZS5lZHWCC2V4YW1wbGUuY29tggtleGFtcGxlLm9y
Z4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFtcGxl
Lm5ldDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw
MjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUH
AQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYI
KwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIB
fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdABOdaMnXJoQwzhbbNTfP1LrHfDgjhuN
acCx+mSxYpo53wAAAY1b0vxkAAAEAwBFMEMCH0BRCgxPbBBVxhcWZ26a8JCe83P1
JZ6wmv56GsVcyMACIDgpMbEo5HJITTRPnoyT4mG8cLrWjEvhchUdEcWUuk1TAHYA
fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGNW9L8MAAABAMARzBF
AiBdv5Z3pZFbfgoM3tGpCTM3ZxBMQsxBRSdTS6d8d2NAcwIhALLoCT9mTMN9OyFz
IBV5MkXVLyuTf2OAzAOa7d8x2H6XAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6
hzId/R43jlAAAAGNW9L8XwAABAMASDBGAiEA4Koh/VizdQU1tjZ2E2VGgWSXXkwn
QmiYhmAeKcVLHeACIQD7JIGFsdGol7kss2pe4lYrCgPVc+iGZkuqnj26hqhr0TAN
BgkqhkiG9w0BAQsFAAOCAQEABOFuAj4N4yNG9OOWNQWTNSICC4Rd4nOG1HRP/Bsn
rz7KrcPORtb6D+Jx+Q0amhO31QhIvVBYs14gY4Ypyj7MzHgm4VmPXcqLvEkxb2G9
Qv9hYuEiNSQmm1fr5QAN/0AzbEbCM3cImLJ69kP5bUjfv/76KB57is8tYf9sh5ik
LGKauxCM/zRIcGa3bXLDafk5S2g5Vr2hs230d/NGW1wZrE+zdGuMxfGJzJP+DAFv
iBfcQnFg4+1zMEKcqS87oniOyG+60RMM0MdejBD7AS43m9us96Gsun/4kufLQUTI
FfnzxLutUV++3seshgefQOy5C/ayi8y1VTNmujPCxPCi6Q==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3821 bytes and written 747 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

jontheil · Sunday at 10:33 PM

BTW
I chose whatever.dk for hidding my real domains. Wasn't aware if it in fact exsisted...

richardtoohey2 · Sunday at 11:39 PM

Do you use base OpenSSL or the ports OpenSSL when you build things like Apache? i.e. anything in your /etc/make.conf

jontheil · Sunday at 11:46 PM

In

Code:

/etc/make.conf

I have

Code:

DEFAULT_VERSIONS+=      ssl=openssl

richardtoohey2 · Monday at 1:14 AM

Do you normally rebuild everything after an OpenSSL upgrade?

VladiBG · Monday at 5:56 AM

The version output of openssl version -a is matching the base version of openssl 3.0.13 and not the port version 3.0.15. You may want to change back to the base version by removing /etc/make.conf or change it to SSL_DEFAULT= base and then rebuild all ports or check why openssl that you run is not the installed version from the ports and then rebuild all ports.

richardtoohey2 · Monday at 8:29 AM

VladiBG said:
The version output of openssl version -a is matching the base version of openssl 3.0.13 and not the port version 3.0.15. You may want to change back to the base version by removing /etc/make.conf or change it to SSL_DEFAULT= base and then rebuild all ports or check why openssl that you run is not the installed version from the ports and then rebuld all ports.

You have to use the full path to use the port’s OpenSSL client so /usr/local/sbin/openssl but yes I think having the ports version isn’t necessary on 14.x (unless you are planning on using 3.x where x>0).

So there might be a mismatch because you’ve got both base and ports versions in play - something to eliminate.

VladiBG · Monday at 9:17 AM

Showing the result of https connection to example.org instead of your domain and the exact error that you receive will not help at all. The only error that i see is that during the test with cURL it's build with debug libcurl option and it's interrupted during the TLS handshake (Recv failure: Connection reset by peer) .
It may be caused by network issue like MTU size; firewall or cURL/PHP/apache build against wrong libcrypto version. Try to rebuild all ports that depend of openssl or at least start with apache , php and curl.

jontheil · 2024-11-06T19:26:18+0000

richardtoohey2 said:
You have to use the full path to use the port’s OpenSSL client so /usr/local/sbin/openssl but yes I think having the ports version isn’t necessary on 14.x (unless you are planning on using 3.x where x>0).

So there might be a mismatch because you’ve got both base and ports versions in play - something to eliminate.

I have tried to remove the ssl entry from

Code:

/etc/make.conf

, but then I get a lot of warning like

Code:

!\ WARNING /!\

You have security/openssl installed but do not have
DEFAULT_VERSIONS+=ssl=openssl set in your make.conf

With

Code:

SSL_DEFAULT= base

I can't seem to install e.g.

Code:

lang/python311

richardtoohey2 · 2024-11-06T20:02:11+0000

jontheil said:
I can't seem to install e.g.

What happens when you try? How are you trying to do this?

The current theory is that you have a mix of ports, some linked to base OpenSSL, some linked to ports OpenSSL, and you have to rebuild *everything* against just one of those to eliminate it being the OpenSSL version.

Maybe to get rid of the warning uninstall ports OpenSSL unless you specifically need it.

Do you have to build from ports? In some scenerios it is necessary, but it's easier to use binary packages.

jontheil · 2024-11-06T20:30:43+0000

richardtoohey2 said:
What happens when you try? How are you trying to do this?

The current theory is that you have a mix of ports, some linked to base OpenSSL, some linked to ports OpenSSL, and you have to rebuild *everything* against just one of those to eliminate it being the OpenSSL version.

Maybe to get rid of the warning uninstall ports OpenSSL unless you specifically need it.

Do you have to build from ports? In some scenerios it is necessary, but it's easier to use binary packages.

Mixing packages and port is bad. I think I can try with poudriere is the best option, but then I have to change a lot of options first