question

Hello,

Something weird starts happending with our Clover OAuth on the past week, we can't make a query to www.clover.com. We are getting ssl error, in mean time api.clover.com and sandbox.dev.clover.com. is working perfect. This is output of trying to access to www.clover.com.

xxx:~# openssl s_client -connect www.clover.com:443

CONNECTED(00000003)

write:errno=0

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 0 bytes and written 306 bytes

Verification: OK

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)

—

example response with accessing to api.clover.com

xxxx:~# openssl s_client -connect api.clover.com:443

CONNECTED(00000003)

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2

verify return:1

depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

verify return:1

depth=0 CN = api.clover.com

verify return:1

---

Certificate chain

0 s:CN = api.clover.com

i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2

---

Server certificate

-----BEGIN CERTIFICATE-----

........

-----END CERTIFICATE-----

subject=CN = api.clover.com

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1

---

No client certificate CA names sent

Peer signing digest: SHA512

Peer signature type: RSA

Server Temp Key: ECDH, P-256, 256 bits

---

SSL handshake has read 3454 bytes and written 432 bytes

Verification: OK

---

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES256-GCM-SHA384

Session-ID: C0510556D5F56734AB4D108B0C765D06764F85C5A795773497D5D195FBF1233F

Session-ID-ctx:

Master-Key: 81510FA9766584761AD17A5582856531DE9157604936D9CBD64E51E683478B6A3DC4243CEF52D6505FF12D5D692E565A

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - a3 0c 39 93 a6 d6 a7 59-a4 1c 56 76 71 ff 7b 7b ..9....Y..Vvq.{ {

0010 - 36 5e 4e ed d7 25 01 b6-88 2b 2e 6f 34 a1 42 f9 6^N..%...+.o4.B.

0020 - 67 c4 f9 27 8a 93 a4 12-ef cf 1c 7d 0f b9 ad 26 g..'.......}...&

0030 - 4f 2b 93 04 a0 d3 b8 ba-39 6e e5 d9 03 24 25 c2 O+......9n...$%.

0040 - ec 86 89 0a e0 58 45 6d-3f ba 7b 7d 5b 97 70 54 .....XEm?.{}[.pT

0050 - db f3 24 c4 f7 4b 33 a8-61 e0 3b 85 e5 c8 2e c6 ..$..K3.a.;.....

0060 - 86 e4 b3 bc dd 88 dd 22-78 37 51 8b 81 f3 1e c8 ......."x7Q.....

0070 - 91 87 9b 95 3f bf 5a c5-30 54 00 0c c5 24 74 6c ....?.Z.0T...$tl

0080 - 9e ca 95 c4 cb 7e 31 e3-73 27 16 99 78 42 98 61 .....~1.s'..xB.a

0090 - cc 8a f7 7b 69 ab cc 64-35 9d 80 84 7f 1a b0 3a ...{i..d5......:

00a0 - 9c f7 cb 44 bd 37 10 14-bc c4 39 70 25 14 e9 36 ...D.7....9p%..6

Start Time: 1708964110

Timeout : 7200 (sec)

Verify return code: 0 (ok)

Extended master secret: no

---