Poodle and curl

I recently secured a server that was still susceptible to the Poodle vulnerability, which involved configuring Apache to no longer accept SSLv3 connections. However, after several hours, I noticed that a cron job that normally refreshes the contents of the client’s database via a curl command line call every half hour didn’t appear to be running anymore.

This is the command that was being fired off every half hour (URL changed to protect the innocent 🙂 ):

curl -L -s --user-agent 'Database Refresh Cron' 'https://serverhostname/db/?refresh'

Additionally, the requests stopped being logged in Apache’s logs at around the same time that I updated Apache’s configuration against the Poodle vulnerability. Curious about this, I ran the curl command manually and got this somewhat esoteric error message:

curl: (35) Unknown SSL protocol error in connection to serverhostname:443

Turns out, the server’s curl command was defaulting to attempting to connect using SSLv3, which had been disabled on the server. Fortunately, the fix turned out to be simple:

curl -L -s --tlsv1 --user-agent 'Database Refresh Cron' 'https://serverhostname/db/?refresh'

This threw me for a loop, so hopefully this tip helps someone out there!
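The cron job above failed unnoticed for hours because `-s` hides curl's error output. The wrapper below is an added example, not part of the original post: it keeps the `--tlsv1` fix but reports any non-zero curl exit to stderr and syslog. `CURL_BIN`, `REFRESH_URL`, the function names, the `--run` switch and the `db-refresh` syslog tag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron wrapper that makes a failed refresh visible.
# CURL_BIN and REFRESH_URL are hypothetical overrides; the URL is the
# placeholder used in the post.
CURL_BIN="${CURL_BIN:-curl}"
REFRESH_URL="${REFRESH_URL:-https://serverhostname/db/?refresh}"

# Translate the curl exit codes most likely after a TLS or server
# configuration change into a short reason for the log line.
explain_curl_exit() {
    case "$1" in
        0)  echo "ok" ;;
        6)  echo "could not resolve host" ;;
        7)  echo "could not connect to host" ;;
        22) echo "HTTP error status returned" ;;
        28) echo "operation timed out" ;;
        35) echo "TLS/SSL handshake failed (protocol or cipher mismatch with server)" ;;
        60) echo "server certificate could not be verified" ;;
        *)  echo "curl failed" ;;
    esac
}

# Run the refresh and report failures instead of swallowing them.
# -S prints the error message even with -s; --fail maps HTTP >= 400 to
# exit 22; --tlsv1 is the fix from the post; --max-time bounds a hang.
run_refresh() {
    err=$("$CURL_BIN" -L -s -S --fail --tlsv1 --max-time 60 \
        --user-agent 'Database Refresh Cron' -o /dev/null \
        "$REFRESH_URL" 2>&1)
    rc=$?
    if [ "$rc" -ne 0 ]; then
        msg="db refresh failed: curl exit $rc: $(explain_curl_exit "$rc"): $err"
        echo "$msg" >&2    # cron mails stderr to the job owner if MAILTO is set
        if command -v logger >/dev/null 2>&1; then
            logger -t db-refresh -p cron.err "$msg" 2>/dev/null
        fi
    fi
    return "$rc"
}

# Only contact the server when invoked as: script --run (e.g. from crontab).
if [ "${1:-}" = "--run" ]; then
    run_refresh
fi
```

With this in place, the exit code 35 from the error shown earlier would have produced a syslog entry and a cron mail on the first failed run.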