Command Line Sensor broke in 2024.7, How do I fix?

Configuration
4

Here is a trace of the curl command from terminal window.

I’ll put the --trace in the command_line

[core-ssh config]$ cat curlTrace.txt
OPENSSL_CONF=/config/xcelcerts/myown/openssl.cnf /usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8  --trace troubleshoot \
--insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /config/xcelcerts/myown/cert.pem --key /config/xcelcerts/myown/key.pem

[core-ssh config]$ vi curlTrace.txt
[core-ssh config]$ ./curlTrace.txt
<Reading
     xmlns="urn:ieee:std:2030.5:ns"
     href="/upt/1/mr/1/r">
    <qualityFlags>01</qualityFlags>
    <timePeriod>
        <duration>1</duration>
        <start>1720723030</start>
    </timePeriod>
    <value>-6038</value>
</Reading>

cat troubleshoot

== Info:   Trying 10.0.0.226:8081...
== Info: Connected to 10.0.0.226 (10.0.0.226) port 8081
== Info: ALPN: curl offers h2,http/1.1
== Info: Cipher selection: ECDHE-ECDSA-AES128-CCM8
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 00 fe                                  .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 254 bytes (0xfe)
0000: 01 00 00 fa 03 03 44 b2 5f 73 11 8a 52 32 89 05 ......D._s..R2..
0010: 4a 31 46 48 f3 56 33 9e 11 00 cd 2d 32 21 d1 1f J1FH.V3....-2!..
0020: 1a 43 cc 0e cd cc 20 37 58 ad 36 1a 0a 1b 85 ff .C.... 7X.6.....
0030: 3c ef 0d ed 14 be 52 2b 05 00 74 92 b9 04 bc d7 <.....R+..t.....
0040: ed 71 ab fb 85 41 4a 00 0a 13 02 13 03 13 01 c0 .q...AJ.........
0050: ae 00 ff 01 00 00 a7 00 0b 00 04 03 00 01 02 00 ................
0060: 0a 00 16 00 14 00 1d 00 17 00 1e 00 19 00 18 01 ................
0070: 00 01 01 01 02 01 03 01 04 00 10 00 0e 00 0c 02 ................
0080: 68 32 08 68 74 74 70 2f 31 2e 31 00 16 00 00 00 h2.http/1.1.....
0090: 17 00 00 00 31 00 00 00 0d 00 2a 00 28 04 03 05 ....1.....*.(...
00a0: 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 ................
00b0: 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 ................
00c0: 02 05 02 06 02 00 2b 00 05 04 03 04 03 03 00 2d ......+........-
00d0: 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 cd b8 .....3.&.$... ..
00e0: f9 d1 3f 24 14 79 68 88 43 a4 d4 fa 39 a1 e6 2d ..?$.yh.C...9..-
00f0: 6b c6 45 01 cc ed e1 42 74 c3 6e 56 58 00       k.E....Bt.nVX.
<= Recv SSL data, 5 bytes (0x5)
0000: 16 03 03 07 ff                                  .....
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 82 bytes (0x52)
0000: 02 00 00 4e 03 03 66 90 26 56 ad 12 e9 da db e1 ...N..f.&V......
0010: e7 77 e4 a6 08 81 39 c8 e4 75 4a 24 da d4 21 18 .w....9..uJ$..!.
0020: 67 0b f9 1e d3 8b 20 84 79 6f 72 7e 2f 32 85 70 g..... .yor~/2.p
0030: 6b 45 f4 81 f0 36 0e 34 8d 0b ea b5 52 98 9b 0a kE...6.4....R...
0040: ec 4a b4 49 e3 62 84 c0 ae 00 00 06 00 0b 00 02 .J.I.b..........
0050: 01 00                                           ..
== Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 1802 bytes (0x70a)
0000: 0b 00 07 06 00 07 03 00 01 b1 30 82 01 ad 30 82 ..........0...0.
0010: 01 54 a0 03 02 01 02 02 03 43 25 8c 30 0a 06 08 .T.......C%.0...
0020: 2a 86 48 ce 3d 04 03 02 30 44 31 0b 30 09 06 03 *.H.=...0D1.0...
0030: 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 0a U....US1.0...U..
0040: 0c 05 49 74 72 6f 6e 31 19 30 17 06 03 55 04 03 ..Itron1.0...U..
0050: 0c 10 49 45 45 45 20 32 30 33 30 2e 35 20 4d 49 ..IEEE 2030.5 MI
0060: 43 41 31 0a 30 08 06 03 55 04 05 13 01 37 30 20 CA1.0...U....70 
0070: 17 0d 32 32 30 32 30 38 31 38 34 36 31 37 5a 18 ..220208184617Z.
0080: 0f 39 39 39 39 31 32 33 31 32 33 35 39 30 30 5a .99991231235900Z
0090: 30 00 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 0.0Y0...*.H.=...
00a0: 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 c7 af 2d .*.H.=....B....-
00b0: 44 b3 7a 9b 31 26 42 9b 3d ad a9 5b df a5 7b 7b D.z.1&B.=..[..{{
00c0: ea 23 81 c9 7e 4b 89 53 29 ed e2 31 4a b1 0d 4e .#..~K.S)..1J..N
00d0: ff 34 06 3b b1 ea 39 49 19 6f 0a 59 8b 69 63 69 .4.;..9I.o.Y.ici
00e0: 27 35 a3 42 80 bb f8 3e 30 96 2b 18 0c a3 77 30 '5.B...>0.+...w0
00f0: 75 30 1a 06 03 55 1d 20 01 01 ff 04 10 30 0e 30 u0...U. .....0.0
0100: 0c 06 0a 2b 06 01 04 01 82 be 1c 01 01 30 0e 06 ...+.........0..
0110: 03 55 1d 0f 01 01 ff 04 04 03 02 07 80 30 13 06 .U...........0..
0120: 03 55 1d 23 04 0c 30 0a 80 08 44 56 ee 91 8e 6c .U.#..0...DV...l
0130: c6 d8 30 32 06 03 55 1d 11 01 01 ff 04 28 30 26 ..02..U......(0&
0140: a0 24 06 08 2b 06 01 05 05 07 08 04 a0 18 30 16 .$..+.........0.
0150: 06 0a 2b 06 01 04 01 81 ae 60 0c 01 04 08 00 00 ..+......`......
0160: 00 66 00 43 25 8c 30 0a 06 08 2a 86 48 ce 3d 04 .f.C%.0...*.H.=.
0170: 03 02 03 47 00 30 44 02 20 68 43 d7 b3 7a 2a 1b ...G.0D. hC..z*.
0180: f2 bc bd a2 8e d8 22 b7 a8 23 f4 49 ad f1 dd 85 ......"..#.I....
0190: b9 8f 51 e9 8a 91 06 7a 1b 02 20 6c 68 f7 ad f3 ..Q....z.. lh...
01a0: a3 0d 6f aa d8 1a d5 36 a6 47 41 5e f0 c3 ee 3b ..o....6.GA^...;
01b0: 1f 8d cb 8e f1 b5 e6 1d 15 74 ee 00 01 e7 30 82 .........t....0.
01c0: 01 e3 30 82 01 88 a0 03 02 01 02 02 01 07 30 0a ..0...........0.
01d0: 06 08 2a 86 48 ce 3d 04 03 02 30 43 31 0b 30 09 ..*.H.=...0C1.0.
01e0: 06 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 ..U....US1.0...U
01f0: 04 0a 0c 05 49 74 72 6f 6e 31 18 30 16 06 03 55 ....Itron1.0...U
0200: 04 03 0c 0f 49 45 45 45 20 32 30 33 30 2e 35 20 ....IEEE 2030.5 
0210: 4d 43 41 31 0a 30 08 06 03 55 04 05 13 01 31 30 MCA1.0...U....10
0220: 20 17 0d 32 31 30 34 31 32 31 37 35 34 31 34 5a  ..210412175414Z
0230: 18 0f 39 39 39 39 31 32 33 31 32 33 35 39 35 39 ..99991231235959
0240: 5a 30 44 31 0b 30 09 06 03 55 04 06 13 02 55 53 Z0D1.0...U....US
0250: 31 0e 30 0c 06 03 55 04 0a 0c 05 49 74 72 6f 6e 1.0...U....Itron
0260: 31 19 30 17 06 03 55 04 03 0c 10 49 45 45 45 20 1.0...U....IEEE 
0270: 32 30 33 30 2e 35 20 4d 49 43 41 31 0a 30 08 06 2030.5 MICA1.0..
0280: 03 55 04 05 13 01 37 30 59 30 13 06 07 2a 86 48 .U....70Y0...*.H
0290: ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 .=....*.H.=....B
02a0: 00 04 be b5 cd a2 a6 41 73 6b 90 75 21 62 1d 66 .......Ask.u!b.f
02b0: 46 a7 08 01 99 77 1a 32 ea 76 f1 59 21 b7 b0 3a F....w.2.v.Y!..:
02c0: d4 ee 0a 08 15 06 b0 4b 75 ec 2e ca 1a d4 60 1a .......Ku.....`.
02d0: ce e3 07 85 74 88 4c 64 69 9c f8 0a ad 45 c9 50 ....t.Ldi....E.P
02e0: 64 c6 a3 6a 30 68 30 0e 06 03 55 1d 0f 01 01 ff d..j0h0...U.....
02f0: 04 04 03 02 02 04 30 1a 06 03 55 1d 20 01 01 ff ......0...U. ...
0300: 04 10 30 0e 30 0c 06 0a 2b 06 01 04 01 82 be 1c ..0.0...+.......
0310: 01 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 ..0...U.......0.
0320: 01 01 ff 02 01 00 30 11 06 03 55 1d 0e 04 0a 04 ......0...U.....
0330: 08 44 56 ee 91 8e 6c c6 d8 30 13 06 03 55 1d 23 .DV...l..0...U.#
0340: 04 0c 30 0a 80 08 4b 45 f8 24 df 63 5f 38 30 0a ..0...KE.$.c_80.
0350: 06 08 2a 86 48 ce 3d 04 03 02 03 49 00 30 46 02 ..*.H.=....I.0F.
0360: 21 00 a3 83 3f 04 4f 53 06 75 5f fe db a6 ff 46 !...?.OS.u_....F
0370: b8 b3 e4 a6 a9 44 6a 84 9d 1a ae af d6 1e 77 fd .....Dj.......w.
0380: f4 4c 02 21 00 9a a7 d7 56 66 89 f6 46 e2 b5 07 .L.!....Vf..F...
0390: 3c d7 5b 79 bd bd 1f 54 b2 9f d7 97 6b b2 e4 65 <.[y...T....k..e
03a0: 70 fb 1b 17 72 00 01 c7 30 82 01 c3 30 82 01 69 p...r...0...0..i
03b0: a0 03 02 01 02 02 01 01 30 0a 06 08 2a 86 48 ce ........0...*.H.
03c0: 3d 04 03 02 30 2b 31 0e 30 0c 06 03 55 04 0a 0c =...0+1.0...U...
03d0: 05 49 74 72 6f 6e 31 19 30 17 06 03 55 04 03 0c .Itron1.0...U...
03e0: 10 49 45 45 45 20 32 30 33 30 2e 35 20 52 6f 6f .IEEE 2030.5 Roo
03f0: 74 30 20 17 0d 32 30 31 30 31 36 32 31 34 37 32 t0 ..20101621472
0400: 36 5a 18 0f 39 39 39 39 31 32 33 31 32 33 35 39 6Z..999912312359
0410: 35 39 5a 30 43 31 0b 30 09 06 03 55 04 06 13 02 59Z0C1.0...U....
0420: 55 53 31 0e 30 0c 06 03 55 04 0a 0c 05 49 74 72 US1.0...U....Itr
0430: 6f 6e 31 18 30 16 06 03 55 04 03 0c 0f 49 45 45 on1.0...U....IEE
0440: 45 20 32 30 33 30 2e 35 20 4d 43 41 31 0a 30 08 E 2030.5 MCA1.0.
0450: 06 03 55 04 05 13 01 31 30 59 30 13 06 07 2a 86 ..U....10Y0...*.
0460: 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 H.=....*.H.=....
0470: 42 00 04 22 bd 6b 3f 25 cb 0f 05 7c 41 66 b9 b7 B..".k?%...|Af..
0480: c2 af 16 83 1a db 20 ca 7e d2 48 1a 13 46 1b 9e ...... .~.H..F..
0490: 07 d3 cd d8 e0 52 b4 eb 5c 0c f9 70 30 ab 41 00 .....R..\..p0.A.
04a0: e0 df d8 37 b9 1f 7f 4b 33 81 5b 9e f8 7d 50 bd ...7...K3.[..}P.
04b0: 75 31 41 a3 64 30 62 30 0e 06 03 55 1d 0f 01 01 u1A.d0b0...U....
04c0: ff 04 04 03 02 01 06 30 14 06 03 55 1d 20 01 01 .......0...U. ..
04d0: ff 04 0a 30 08 30 06 06 04 55 1d 20 00 30 12 06 ...0.0...U. .0..
04e0: 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 .U.......0......
04f0: 01 30 11 06 03 55 1d 0e 04 0a 04 08 4b 45 f8 24 .0...U......KE.$
0500: df 63 5f 38 30 13 06 03 55 1d 23 04 0c 30 0a 80 .c_80...U.#..0..
0510: 08 4e 04 ef c2 4a b2 aa e7 30 0a 06 08 2a 86 48 .N...J...0...*.H
0520: ce 3d 04 03 02 03 48 00 30 45 02 21 00 9d d3 02 .=....H.0E.!....
0530: fb 00 e7 e4 42 f9 04 43 48 fd 24 74 4a 79 62 9b ....B..CH.$tJyb.
0540: 6c 6b 99 62 42 2b 11 59 ca a8 31 ce 79 02 20 1f lk.bB+.Y..1.y. .
0550: 3e 66 fe 45 14 2e b6 f2 9a 0e 41 c4 b7 33 6e d4 >f.E......A..3n.
0560: 87 dd 04 e0 2d b6 02 84 0d a1 3b c9 ce 7c 8b 00 ....-.....;..|..
0570: 01 98 30 82 01 94 30 82 01 39 a0 03 02 01 02 02 ..0...0..9......
0580: 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 02 30 2b ..0...*.H.=...0+
0590: 31 0e 30 0c 06 03 55 04 0a 0c 05 49 74 72 6f 6e 1.0...U....Itron
05a0: 31 19 30 17 06 03 55 04 03 0c 10 49 45 45 45 20 1.0...U....IEEE 
05b0: 32 30 33 30 2e 35 20 52 6f 6f 74 30 20 17 0d 32 2030.5 Root0 ..2
05c0: 30 31 30 31 36 32 31 32 34 34 38 5a 18 0f 39 39 01016212448Z..99
05d0: 39 39 31 32 33 31 32 33 35 39 35 39 5a 30 2b 31 991231235959Z0+1
05e0: 0e 30 0c 06 03 55 04 0a 0c 05 49 74 72 6f 6e 31 .0...U....Itron1
05f0: 19 30 17 06 03 55 04 03 0c 10 49 45 45 45 20 32 .0...U....IEEE 2
0600: 30 33 30 2e 35 20 52 6f 6f 74 30 59 30 13 06 07 030.5 Root0Y0...
0610: 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 *.H.=....*.H.=..
0620: 07 03 42 00 04 69 80 38 13 42 17 39 ce 80 13 90 ..B..i.8.B.9....
0630: 0b 3d 51 66 d3 f6 e4 5a bb a1 84 6f 54 7f d6 23 .=Qf...Z...oT..#
0640: c6 2e 4f 87 00 03 b2 02 ed d2 90 a1 d3 c1 51 a0 ..O...........Q.
0650: cd 43 e5 ef 73 fd 28 c1 fd 64 3e 27 48 84 39 a3 .C..s.(..d>'H.9.
0660: 6a 89 32 9b ae a3 4c 30 4a 30 0e 06 03 55 1d 0f j.2...L0J0...U..
0670: 01 01 ff 04 04 03 02 01 06 30 14 06 03 55 1d 20 .........0...U. 
0680: 01 01 ff 04 0a 30 08 30 06 06 04 55 1d 20 00 30 .....0.0...U. .0
0690: 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff ...U.......0....
06a0: 30 11 06 03 55 1d 0e 04 0a 04 08 4e 04 ef c2 4a 0...U......N...J
06b0: b2 aa e7 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 ...0...*.H.=....
06c0: 49 00 30 46 02 21 00 b8 42 eb ab c0 bc fc 37 75 I.0F.!..B.....7u
06d0: 69 f2 f4 09 79 3a d7 4d 22 a9 96 0b 56 da 8f 86 i...y:.M"...V...
06e0: 2e 95 33 6f 0b 76 6b 02 21 00 f1 ca 01 91 24 dd ..3o.vk.!.....$.
06f0: de 1c e7 92 ac 6f f0 08 5f 0a c6 c2 ca db b0 3e .....o.._......>
0700: f9 5a 67 ca 5f d0 e3 39 ce b4                   .Zg._..9..
== Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
<= Recv SSL data, 147 bytes (0x93)
0000: 0c 00 00 8f 03 00 17 41 04 f3 23 7c 5d be 49 70 .......A..#|].Ip
0010: 4a 7a fe 34 8c 8d 12 6b d4 0f 4e 3c 70 e2 a2 65 Jz.4...k..N<p..e
0020: 66 0e 44 84 6b b5 24 1d 1a b1 39 5e 60 47 af d1 f.D.k.$...9^`G..
0030: 1c 44 48 54 77 e4 20 21 b5 f5 fb d0 f4 3c d0 e8 .DHTw. !.....<..
0040: 96 93 23 5e fb d4 fd f3 af 04 03 00 46 30 44 02 ..#^........F0D.
0050: 20 09 0d 9f b7 c2 bc 72 27 fb 7d 4d 67 c4 42 09  ......r'.}Mg.B.
0060: 47 fc 53 12 7c 97 f3 e5 85 e0 bb b3 6a cd 07 75 G.S.|.......j..u
0070: f8 02 20 06 c3 f3 71 f8 5b b4 48 4f 59 50 19 84 .. ...q.[.HOYP..
0080: c4 2b 73 2d ef 15 38 b0 77 ea 73 a0 c7 3c ce 51 .+s-..8.w.s..<.Q
0090: 3f f7 6b                                        ?.k
== Info: TLSv1.2 (IN), TLS handshake, Request CERT (13):
<= Recv SSL data, 12 bytes (0xc)
0000: 0d 00 00 08 01 40 00 02 04 03 00 00             .....@......
== Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: 0e 00 00 00                                     ....
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 03 01 cd                                  .....
== Info: TLSv1.2 (OUT), TLS handshake, Certificate (11):
=> Send SSL data, 461 bytes (0x1cd)
0000: 0b 00 01 c9 00 01 c6 00 01 c3 30 82 01 bf 30 82 ..........0...0.
0010: 01 65 a0 03 02 01 02 02 14 5f c3 dc 6c 75 05 a2 .e......._..lu..
0020: 21 81 7b 78 17 70 20 62 dc 4c ea b0 f3 30 0a 06 !.{x.p b.L...0..
0030: 08 2a 86 48 ce 3d 04 03 02 30 1f 31 1d 30 1b 06 .*.H.=...0.1.0..
0040: 03 55 04 03 0c 14 4d 65 74 65 72 52 65 61 64 65 .U....MeterReade
0050: 72 48 61 6e 43 6c 69 65 6e 74 30 1e 17 0d 32 33 rHanClient0...23
0060: 30 32 31 33 31 36 30 35 33 35 5a 17 0d 32 36 30 0213160535Z..260
0070: 32 31 31 31 36 30 35 33 35 5a 30 1f 31 1d 30 1b 211160535Z0.1.0.
0080: 06 03 55 04 03 0c 14 4d 65 74 65 72 52 65 61 64 ..U....MeterRead
0090: 65 72 48 61 6e 43 6c 69 65 6e 74 30 59 30 13 06 erHanClient0Y0..
00a0: 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 .*.H.=....*.H.=.
00b0: 01 07 03 42 00 04 99 a8 ba 47 45 9a 7c 73 59 73 ...B.....GE.|sYs
00c0: 70 99 1f e7 27 18 c9 69 62 29 f8 39 89 e0 17 c9 p...'..ib).9....
00d0: 45 22 7c 12 b4 b1 70 59 2d 36 37 d2 31 b1 7b ff E"|...pY-67.1.{.
00e0: df be ca 87 cd b6 6e 68 a6 3d 2a 37 a7 34 a2 12 ......nh.=*7.4..
00f0: 9e 27 3f af 1d 60 a3 7f 30 7d 30 1d 06 03 55 1d .'?..`..0}0...U.
0100: 0e 04 16 04 14 5d ad c5 d0 1d 2b 35 46 55 eb 16 .....]....+5FU..
0110: 56 b4 d4 37 9b 8a 6c 2c b9 30 1f 06 03 55 1d 23 V..7..l,.0...U.#
0120: 04 18 30 16 80 14 5d ad c5 d0 1d 2b 35 46 55 eb ..0...]....+5FU.
0130: 16 56 b4 d4 37 9b 8a 6c 2c b9 30 0f 06 03 55 1d .V..7..l,.0...U.
0140: 13 01 01 ff 04 05 30 03 01 01 ff 30 1a 06 03 55 ......0....0...U
0150: 1d 20 01 01 ff 04 10 30 0e 30 0c 06 0a 2b 06 01 . .....0.0...+..
0160: 04 01 82 be 1c 02 02 30 0e 06 03 55 1d 0f 01 01 .......0...U....
0170: ff 04 04 03 02 07 80 30 0a 06 08 2a 86 48 ce 3d .......0...*.H.=
0180: 04 03 02 03 48 00 30 45 02 20 44 2d a3 25 da e1 ....H.0E. D-.%..
0190: 39 3b 6f 8a b3 d9 18 85 f6 c9 51 6e 30 38 c5 9a 9;o.......Qn08..
01a0: 30 eb b4 fb df 47 4d 25 16 b1 02 21 00 90 8c ec 0....GM%...!....
01b0: a2 3d 35 2b f2 f9 b9 a2 cd 16 b1 e9 70 20 a1 09 .=5+........p ..
01c0: 15 c4 0d 2f 62 4b fd 77 1e 90 a9 bc 87          .../bK.w.....
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 03 00 46                                  ....F
== Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
=> Send SSL data, 70 bytes (0x46)
0000: 10 00 00 42 41 04 1e 76 44 7d fa 98 79 c1 95 7c ...BA..vD}..y..|
0010: 5c d1 70 03 ea bb 10 27 a6 56 c5 f4 6d 22 ad 3c \.p....'.V..m".<
0020: f5 b7 a7 24 7a 65 68 18 d5 ab 56 25 84 48 25 99 ...$zeh...V%.H%.
0030: 5b 6a fa 19 2e a2 4b 77 7a 1e b0 30 38 89 24 1f [j....Kwz..08.$.
0040: 25 4d 72 18 c6 d3                               %Mr...
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 03 00 50                                  ....P
== Info: TLSv1.2 (OUT), TLS handshake, CERT verify (15):
=> Send SSL data, 80 bytes (0x50)
0000: 0f 00 00 4c 04 03 00 48 30 46 02 21 00 a7 6f 87 ...L...H0F.!..o.
0010: 01 6f 66 33 fd 11 79 94 9a 34 eb 6c 8a 93 35 a1 .of3..y..4.l..5.
0020: ae 23 5c ef d4 04 2d 17 9a fd 7a 5f ca 02 21 00 .#\...-...z_..!.
0030: a0 82 6d 5e 01 fc b1 c9 12 70 2c 14 83 5c a4 d2 ..m^.....p,..\..
0040: 0d dc af e7 a1 ba 6f f1 56 ca b5 5f 8e f8 f6 1c ......o.V.._....
=> Send SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01                                  .....
== Info: TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01                                              .
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 03 00 20                                  .... 
== Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 01 f3 19 bc 20 65 4e 32 2b 22 e1 96 ........ eN2+"..
<= Recv SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01                                  .....
<= Recv SSL data, 5 bytes (0x5)
0000: 16 03 03 00 20                                  .... 
== Info: TLSv1.2 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 35 ff 1b 9b 6c 9a 99 b3 a0 10 ad 38 ....5...l......8
== Info: SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-CCM8 / prime256v1 / id-ecPublicKey
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info:  subject: [NONE]
== Info:  start date: Feb  8 18:46:17 2022 GMT
== Info:  expire date: Dec 31 23:59:00 9999 GMT
== Info:  issuer: C=US; O=Itron; CN=IEEE 2030.5 MICA; serialNumber=7
== Info:  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
== Info:   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info:   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info:   Certificate level 2: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info:   Certificate level 3: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info: using HTTP/1.x
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 6a                                  ....j
=> Send header, 90 bytes (0x5a)
0000: 47 45 54 20 2f 75 70 74 2f 31 2f 6d 72 2f 31 2f GET /upt/1/mr/1/
0010: 72 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 r HTTP/1.1..Host
0020: 3a 20 31 30 2e 30 2e 30 2e 32 32 36 3a 38 30 38 : 10.0.0.226:808
0030: 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 1..User-Agent: c
0040: 75 72 6c 2f 38 2e 35 2e 30 0d 0a 41 63 63 65 70 url/8.5.0..Accep
0050: 74 3a 20 2a 2f 2a 0d 0a 0d 0a                   t: */*....
<= Recv SSL data, 5 bytes (0x5)
0000: 17 03 03 01 7e                                  ....~
<= Recv header, 17 bytes (0x11)
0000: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK.
0010: 0a                                              .
<= Recv header, 37 bytes (0x25)
0000: 44 61 74 65 3a 20 54 68 75 2c 20 31 31 20 4a 75 Date: Thu, 11 Ju
0010: 6c 20 32 30 32 34 20 31 38 3a 33 37 3a 31 31 20 l 2024 18:37:11 
0020: 47 4d 54 0d 0a                                  GMT..
<= Recv header, 21 bytes (0x15)
0000: 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 Content-Length: 
0010: 32 35 34 0d 0a                                  254..
<= Recv header, 35 bytes (0x23)
0000: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 Content-Type: ap
0010: 70 6c 69 63 61 74 69 6f 6e 2f 73 65 70 2b 78 6d plication/sep+xm
0020: 6c 0d 0a                                        l..
<= Recv header, 2 bytes (0x2)
0000: 0d 0a                                           ..
<= Recv data, 254 bytes (0xfe)
0000: 3c 52 65 61 64 69 6e 67 0d 0a 20 20 20 20 20 78 <Reading..     x
0010: 6d 6c 6e 73 3d 22 75 72 6e 3a 69 65 65 65 3a 73 mlns="urn:ieee:s
0020: 74 64 3a 32 30 33 30 2e 35 3a 6e 73 22 0d 0a 20 td:2030.5:ns".. 
0030: 20 20 20 20 68 72 65 66 3d 22 2f 75 70 74 2f 31     href="/upt/1
0040: 2f 6d 72 2f 31 2f 72 22 3e 0d 0a 20 20 20 20 3c /mr/1/r">..    <
0050: 71 75 61 6c 69 74 79 46 6c 61 67 73 3e 30 31 3c qualityFlags>01<
0060: 2f 71 75 61 6c 69 74 79 46 6c 61 67 73 3e 0d 0a /qualityFlags>..
0070: 20 20 20 20 3c 74 69 6d 65 50 65 72 69 6f 64 3e     <timePeriod>
0080: 0d 0a 20 20 20 20 20 20 20 20 3c 64 75 72 61 74 ..        <durat
0090: 69 6f 6e 3e 31 3c 2f 64 75 72 61 74 69 6f 6e 3e ion>1</duration>
00a0: 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 61 72 74 ..        <start
00b0: 3e 31 37 32 30 37 32 33 30 33 30 3c 2f 73 74 61 >1720723030</sta
00c0: 72 74 3e 0d 0a 20 20 20 20 3c 2f 74 69 6d 65 50 rt>..    </timeP
00d0: 65 72 69 6f 64 3e 0d 0a 20 20 20 20 3c 76 61 6c eriod>..    <val
00e0: 75 65 3e 2d 36 30 33 38 3c 2f 76 61 6c 75 65 3e ue>-6038</value>
00f0: 0d 0a 3c 2f 52 65 61 64 69 6e 67 3e 0d 0a       ..</Reading>..
== Info: Connection #0 to host 10.0.0.226 left intact
5

This is what I got from the --trace in configuration.yaml command_line

OpenSSL/3.3.1: error:0A000410:SSL routines::ssl/tls alert handshake failure

But I’ve googled this error for days and cant find a solution.

I can’t find the openssl error catalogue.

It’s the same error I get when I ssh into the system with putty and also from the web ssh terminal from Advanced SSH & Web Terminal

Maybe it’s a ssh problem. ???

[core-ssh config]$ cd /
[core-ssh /]$ find . -name troubleshoot -print
./homeassistant/troubleshoot
[core-ssh /]$ cat /homeassistant/troubleshoot
== Info:   Trying 10.0.0.226:8081...
== Info: Connected to 10.0.0.226 (10.0.0.226) port 8081
== Info: ALPN: curl offers h2,http/1.1
== Info: Cipher selection: ECDHE-ECDSA-AES128-CCM8
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00                                  .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 22 16 df 7a 66 20 68 80 77 38 ......"..zf h.w8
0010: b4 2e 21 3e 6f 82 c2 9e ee d0 89 74 d9 de e3 a9 ..!>o......t....
0020: 4f 1b 2f fd d7 f1 20 61 0e 4c 3e 63 d3 b2 18 54 O./... a.L>c...T
0030: d2 1c 4b 90 dd d1 dd 25 7c c0 37 ab b4 18 89 7e ..K....%|.7....~
0040: 36 fa be 80 32 d5 77 00 08 13 02 13 03 13 01 00 6...2.w.........
0050: ff 01 00 01 ab 00 0b 00 04 03 00 01 02 00 0a 00 ................
0060: 16 00 14 00 1d 00 17 00 1e 00 19 00 18 01 00 01 ................
0070: 01 01 02 01 03 01 04 00 10 00 0e 00 0c 02 68 32 ..............h2
0080: 08 68 74 74 70 2f 31 2e 31 00 16 00 00 00 17 00 .http/1.1.......
0090: 00 00 31 00 00 00 0d 00 30 00 2e 04 03 05 03 06 ..1.....0.......
00a0: 03 08 07 08 08 08 1a 08 1b 08 1c 08 09 08 0a 08 ................
00b0: 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 ................
00c0: 01 03 02 04 02 05 02 06 02 00 2b 00 05 04 03 04 ..........+.....
00d0: 03 03 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d ...-.....3.&.$..
00e0: 00 20 fe 4b ee 8e dd b6 ee 27 f0 9f cc 8f a3 a6 . .K.....'......
00f0: b9 cb 5e 51 28 6b 7a 3f b7 9a 5a b2 66 f9 e1 03 ..^Q(kz?..Z.f...
0100: 08 43 00 15 00 fa 00 00 00 00 00 00 00 00 00 00 .C..............
0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
<= Recv SSL data, 5 bytes (0x5)
0000: 15 03 03 00 02                                  .....
== Info: TLSv1.3 (IN), TLS alert, handshake failure (552):
<= Recv SSL data, 2 bytes (0x2)
0000: 02 28                                           .(
== Info: OpenSSL/3.3.1: error:0A000410:SSL routines::ssl/tls alert handshake failure
== Info: Closing connection
6

Everyone is on the right track here. The new openSSL version that was recently bumped seems to have removed a lot of ciphers from availability. The one required in this setup is “ECDHE-ECDSA-AES128-CCM8”. You can ask openssl to list those that are available like in my image. You’ll want to notice that this is a TLS 1.2 cipher. If you force curl to only use 1.2 (vs negotiation down after the first server call which normally tries the highest first…tls 1.3), and specify the cipher “ECDHE-ECDSA-AES128-CCM8” it will point blank tell you “nope…it ain’t there”.

image
image1694×120 38 KB

7

Thanks for the info! My quick follow-on question would be why does entering this same command in the terminal still work?

I’ll have to do some digging on why I was originally using that cypher, but it might have come from the documentation for the energy meter.

Thanks again for the info!

8

It’s a separate container.

1 Like
9

Thanks Nic,

I specified a --tlsv1.2 in the curl and that didn’t help, probably because as you say, it was removed in the version of openSSL

Is there a way to find a cipher that works?

I also tried changing the cipher to TLS_AES_128_GCM_SHA256, and that didn’t work.

I checked to see if the cipher was created in the certificate. It isn’t.

I don’t know much about openssl

This is how the certificate was created:

openssl req -x509 -nodes -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout key.pem -out cert.pem -sha256 -days 1094 -subj '/CN=MeterReaderHanClient' -addext "certificatePolicies = critical,1.3.6.1.4.1.40732.2.2" -addext "keyUsage = critical,digitalSignature"


 ➜  homeassistant OPENSSL_CONF=/config/xcelcerts/myown/openssl.cnf /usr/bin/curl curl \
--tlsv1.2 --ciphers ECDHE-ECDSA-AES128-CCM8 --trace troubleshoot --insecure \
--url https://10.0.0.226:8081/upt/1/mr/1/r --cert /config/xcelcerts/myown/cert.pem --key /config/xcelcerts/myown/key.pem
curl: (6) Could not resolve host: curl
curl: (35) OpenSSL/3.3.0: error:0A000410:SSL routines::ssl/tls alert handshake failure

➜  homeassistant OPENSSL_CONF=/config/xcelcerts/myown/openssl.cnf /usr/bin/curl curl \
--tlsv1.2 --ciphers TLS_AES_128_GCM_SHA256 --trace troubleshoot --insecure \
--url https://10.0.0.226:8081/upt/1/mr/1/r --cert /config/xcelcerts/myown/cert.pem --key /config/xcelcerts/myown/key.pem
curl: (6) Could not resolve host: curl
curl: (59) failed setting cipher list: TLS_AES_128_GCM_SHA256
10

OK! I fixed it. (FYI to @wptracy) We can update the bug report saying any actions are unnecessary now. Basically, I figured out the new OpenSSL at 3.3.0 changed a few things. The cipher required for Xcel meters got put in a lower security class. Want to find out? Plug this into your SSH session on HA.

bash -c 'DEFAULT_SECLEVEL="$(openssl ciphers -s -v ALL | wc -l)"
    for ((i=0;i<=5;i++)); do 
        EVAL_SECLEVEL="$(openssl ciphers -s -v ALL:@SECLEVEL=${i} | wc -l)"
        echo -n "Security Level ${i} : Available Ciphers = ${EVAL_SECLEVEL}"
        [[ ${SEMA} != "TRUE" ]] && [[ ${EVAL_SECLEVEL} -eq ${DEFAULT_SECLEVEL} ]] \
            && echo " (DEFAULT_LEVEL) " \
            && SEMA="TRUE" \
            || echo
        openssl ciphers -s -v ALL:@SECLEVEL=${i} | grep -q "ECDHE-ECDSA-AES256-CCM8" \
            && echo "  >> REQUIRED CIPHER FOUND IN LEVEL ${i}"
    done
'

To make the change required, do the following in your openssl.cnf that is referenced during the curl command. No other changes are required to the curl command or sensor.

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyServerConnect
CipherString = DEFAULT@SECLEVEL=0

image

So, in my case the cnf file was being referenced like this… (/config/HelperScripts/Xcel-openssl.cnf)

OPENSSL_CONF=/config/HelperScripts/Xcel-openssl.cnf /usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure -v --url https://XXX.XXX.XXX.XXX:8081/upt/1/mr/3/r --cert /config/HelperScripts/Xcel-Cert.pem --key /config/HelperScripts/Xcel-Key.pem
4 Likes
11

^ This… The container that runs the script is different. It has a different (higher) version of OpenSSL/cURL installed.

1 Like
12

@Nic3Quick

You are a genius, Thanks!!!

It worked.

1 Like
13

Nic, thanks for your help. That one line in the openssl.cnf file did the trick for me. I will past your post along to anyone else I find!

1 Like
14

If anyone stumbles upon this, I’ll drop a useful bit I created a while back for diagnosing things in HA (containerized). I wrote a little shell script that you can source and get a few new functions. The one that is useful here is “FX_LoginContainer”. Makes it easy to get into the shell of a container. :slight_smile:

image

4 Likes
15

Thanks @Nic3Quick

1 Like
16

Thank you for digging in and solving this! Fixed my Xcel problem too, and I’m back online with 2024.7.2.

2 Likes
17

@Nic3Quick

How do you execute this script?

Downloads # ./HAHelper.sh
Downloads # sh HAHelper.sh
HAHelper.sh: line 132: syntax error: unexpected “(” (expecting “}”)
Downloads # ./HAHelper.sh FX_GetSelection
Downloads # bash HAHelper.sh
Downloads # ls -l
total 12
-rwxr-xr-x 1 root root 10616 Jul 12 05:12 HAHelper.sh
Downloads #

18

It’s a bash sourced environment script. I’ll put up a README for it, but here is a bootstrapper for you @wptracy. Just paste this into the command line of the login shell. It will ensure BASH is actually present and used (per /etc/passwd) so the sourcing of the env can be done (this was the error you saw). It will source the env each time you login thereafter. Type “FX” at the prompt with a few tabs to see what functions are made available.

    ! grep -q "HAHelper_Bootstrapper" "${MOTD:=/etc/profile.d/show_motd.sh}" 2>/dev/null \
        && apk add bash \
        && sed -i 's|^\(root:.*:/bin/\)sh$|\1bash|' /etc/passwd \
        && echo -e '\nsource <([ ! -f '"${HAHELPER:=/etc/profile.d/HAHelper.sh}"' ] \
            && curl -s https://raw.githubusercontent.com/NicFragale/HA-NetFoundry/main/HAHelper.sh -o '"${HAHELPER}"' \
            && cat '"${HAHELPER}"' \
            || cat '"${HAHELPER}"') # HAHelper_Bootstrapper
        ' >> "${MOTD}" \
        && echo ">SUCCESS - LOGOUT AND LOGIN AGAIN<" \
        || echo ">ERROR<"
1 Like
19

Thanks Nic

20

-bash: docker: command not found

root@core-ssh ~/config/Downloads> FX_
FX_ColorText               FX_GetResponse
FX_ContainerMod            FX_GetSelection
FX_GetContainerNetworking  FX_GetYorN
FX_GetContainers           FX_LoginContainer
root@core-ssh ~/config/Downloads> FX_GetContainers
-bash: docker: command not found
root@core-ssh ~/config/Downloads> docker
-bash: docker: command not found
(127) root@core-ssh ~/config/Downloads> ha docker

The docker command provides command-line tools to control the host docker that
Home Assistant is running on. It allows you to do things like use private OCI registries.

Usage:
  ha docker [command]

Aliases:
  docker, do

Examples:

  ha docker info
  ha docker registries

Available Commands:
  info        Shows information about the host docker backend
  registries  Manage private OCI docker registry

Flags:
  -h, --help   help for docker

Global Flags:
      --api-token string   Home Assistant Supervisor API token
      --config string      Optional config file (default is $HOME/.homeassistant.yaml)
      --endpoint string    Endpoint for Home Assistant Supervisor (default is 'supervisor')
      --log-level string   Log level (defaults to Warn)
      --no-progress        Disable the progress spinner
      --raw-json           Output raw JSON from the API

Use "ha docker [command] --help" for more information about a command.
root@core-ssh ~/config/Downloads


root@core-ssh ~/config/Downloads> FX_Get
FX_GetContainerNetworking  FX_GetSelection
FX_GetContainers           FX_GetYorN
FX_GetResponse
root@core-ssh ~/config/Downloads> FX_GetContainerNetworking
-bash: docker: command not found
[INFO      ] Which container?
1) QUIT
2) ALL
#? > 2
root@core-ssh ~/config/Downloads> env
SHELL=/bin/bash
CHARSET=UTF-8
PWD=/root/config/Downloads
LOGNAME=root
TZ=America/Denver
HOME=/root
LANG=C.UTF-8
SSH_CONNECTION=10.0.0.55 56762 172.30.33.1 22
TERM=xterm
USER=root
SUPERVISOR_TOKEN=61346d9e64a50a38c6d8c4f9c8c086b323414b0dc9071d116993b708ae1705a43b52dbff585d4e53a062b41e94c2a4ce114b450c937fd376
SHLVL=1
PAGER=less
PS1=$(RC=$?; if [[ ${RC} == 0 ]]; then echo "\[\e[1;92;40m\]\u@\h \w>"; else echo "(${RC}) \[\e[1;91;40m\]\u@\h \w>"; fi)\[\e[0;0m\]
SSH_CLIENT=10.0.0.55 56762 22
LC_COLLATE=C
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL=/var/mail/root
SSH_TTY=/dev/pts/0
1 Like
21

AH - You are using CoreSSH and not the Advanced SSH addon. Core doesn’t have access to Docker like Advanced does. I’ll make note to update that in the sourcing of the env. Replace Core with Advanced if you wanted more functionality like this. Go to the addon store and search for it like this.

image

22

I am using the Advanced SSH & Web Terminal.

I use putty to get into it.

I also tried this with/without zsh option

with zsh turned off, it gives me the core-ssh prompt.

Well, wait a minute,

I turned zsh back on and now when I ssh and login to the terminal,
I get this:

login as: root
[email protected]'s password:
Error: unknown command "bannersource" for "ha"
Run 'ha --help' for usage.
FATA[0000] Error while executing rootCmd: unknown command "bannersource" for "ha"
~ #

and I can’t execute FX_

Now I tried something else,

I did this from the Web window for Advanced SSH and it works.

Error: unknown command "bannersource" for "ha"
Run 'ha --help' for usage.
FATA[0000] Error while executing rootCmd: unknown command "bannersource" for "ha" 
➜  ~ FX_GetContainers
PROTECTION MODE ENABLED!

To be able to use this command, you'll need to disable
protection mode on this add-on. Without it, the add-on
is unable to access Docker.

Steps:
 - Go to the Settings Panel.
 - Enter the 'Add-ons' menu.
 - Click on the Advanced SSH & Web Terminal add-on.
 - Set the 'Protection mode' switch to off.
 - Restart the add-on.

Access to Docker allows you to do really powerful things
including complete destruction of your system.
Please, be sure you know what you are doing before enabling
this feature!

➜  ~
23

Yep. Small bug in the bootstrapper as well as the requirement to be able to access docker. I updated the script above and put it into the revised env at Github. Once protection mode is turned off, you can just restart the addon and paste it in again.