#2548 SSL connect error

[Gabriele Garuglieri]

The version of the Update Wizard now in the repository is no longer able to connect to repositories and fails with the following message (the example is for 64 bits, but the 32 bits behaves the same):

INFO  Update - starting: Update Wizard (MiKTeX 2.9.6100 64-bit)
INFO  FileCopyPage - 
INFO  FileCopyPage - Error: SSL connect error

For the history of the problem prese refer to
http://tex.stackexchange.com/questions/339105/miktex-update-wizard-cannot-connect-after-installing-november-package-refactori

The installers have been repackaged today, but launching the wizard after installing either basic-miktex-2.9.6161-x64.exe or basic-miktex-2.9.6161.exe will fail with the above messages.

Trying to install either with setup-2.9.6100-x64.exe or setup-2.9.6100.exe will fail at the very beginning with SSL connect error as soon as the installer tries to download the mirrors list.

[Gabriele Garuglieri]

I traced as you requested and the results are attached.
Here follow some explanation about.

I run miktex-update_admin.exe, the trace is called miktex-update_admin.LOG and apparently there are no errors.
I see a couple of downloads from the mirror (ctan.mirror.garr.it, i tried other mirrors with same results):

GET /mirrors/CTAN/systems/win32/miktex/tm/packages/miktex-zzdb2-2.9.tar.lzma HTTP/1.1
file download omitted...
HTTP/1.1 200 OK  (text/plain)

GET /mirrors/CTAN/systems/win32/miktex/tm/packages/miktex-zzdb1-2.9.tar.lzma HTTP/1.1
file download omitted...
HTTP/1.1 200 OK  (text/plain)

Everything looks to be going well so, even if EACH interaction with api2.miktex.org ends with a TLS Encrypted Alert in the end it may be of no significance since things seems to keep going. I cannot tell what information is carrying the alert since only you have the key to decrypt it.
So may be the popup that says there are no available updates tells the truth. You know the state of repository and can tell if this is correct respect to the package i installed and if the update wizard is working correctly again.

I run setup-2.9.6100-x64.exe selection option to download a distribution, either basic or full give same results, and the trace is called setup-2.9.6100-x64.LOG and also here seems to be no errors.
As you see from the log ,https://api2.miktex.org/repositories?&releaseState=Stable is downloaded with 200.
Indeed in the network trace i see encrypted frames coming from the server and again the connection is closed with a TLS Encrypted Alert.
What instead may be a problem is that after that download everything stops. No more activity on the network, and the dialog stays there forever, motionless, with only two options Back or Cancel.

I'm sorry i cannot provide also the network traces because right now i'm working within a corporate intranet and since i had to check that nothing in the intranet security infrastructure was tampering the connections, the traces contain also sensitive data. If you need it i may try to hack a filter to keep out unwanted info.

[Christian Schenk]

Thank you. There are currently no updates. I will update some packages and tomorrow we can see what happens.

[Gabriele Garuglieri]

Good morning Christian.
I can confirm that now, both the update wizard and the net installer are working again.
Thank you for your support and for putting up with my insistence.

My best regards, Gabriele

[Mike Torrence]

Is there something special that must be done to get this working? Still no change for me.

[Gabriele Garuglieri]

Hi Mike, if you updated an installation done prior of those packaged on 11/15/2016, before the update is complete, you have to follow the procedure in November package refactoring page.

Nonetheless this november change is so pervasive that, as you can read in the Stack exchange description pointed in the first page of this bug, there are chances that you can end with a screwed up installation, even if you get NO error message during update, as i experienced on my second try.

So my advice would be, first, if you didn't yet tried it, to follow the above post update procedure. Then if you still have problems i think it's best that you uninstall, reinstall with a freshly downloaded package and if the certificate is corrrectly installed everything should work again.
That's what i had to do and now i'm happily texing again.

[Mike Torrence]

I did a complete unistall and reinstall, no change:

2016-11-21 08:17:46,989-0500 INFO Update - starting: Update Wizard (MiKTeX 2.9.6100 64-bit)
2016-11-21 08:17:51,501-0500 INFO FileCopyPage -
2016-11-21 08:17:51,502-0500 INFO FileCopyPage - Error: SSL connect error

[Eric Shields]

I uninstalled MikTex, downloaded setup-2.9.6100-x64.exe, and ran it. I give it my proxy information, select "download" and "complete distribution". I then get a "MikTeX Setup Wizard" dialog box that says "The operation could not be completed for this following reason: SSL connect error". Hence I am unable even to download. DST Root CA X3 is listed in Trusted Root Certification Authorities for IE 11.0.9600.18524.

Any suggestions? All I can do for now is re-install 2.9.5872 and not update it.

For what it's worth, I'm running Windows 7 SP1 x64.

[Peter Alexander]

Same here, after updating an older version (2.9.6050) to the newest version or after installing the newest version fresh from the website (miktex-portable-2.9.6161), I get the SSL connect error whenever I try to run the update-wizzard.
I made sure to have the DST Root CA X3 certificate in the Trusted Root Certification Authorities ("Vertrauenswürdige Stammzertifizierungsstellen").

Nothing has been changed on my system security wise between the older working version and the newest version. Win 10 x64

[Christian Schenk]

If you are affected by the SSL isue: Post a comment if you have info:

1) a DebugView trace
2) visit https://api2.miktex.org and note your observations
3) are you behind a proxy?

[Mike Torrence]

1) Here is the content of the dbjview:

00000001 0.00000000 [12732] INFO Update - starting: Update Wizard (MiKTeX 2.9.6100 64-bit)
00000002 7.88196468 [12732] INFO FileCopyPage -
00000003 7.88207626 [12732] INFO FileCopyPage - Error: SSL connect error

2) I get something about a Short Story

[Christian Schenk]

Thank you, Mike Torrence.

The DebugView trace does not contain much info. Have you set MIKTEX_TRACE as described earlier in this trace?

[Mike Torrence]

Here is a much more informative trace. I forgot to set MIKTEX_TRACE on the first one.

[Christian Schenk]

Thank you again. Are you behind a proxy?

[Mike Torrence]

Yes, I've always been behind a proxy. Up until this update, with no problems.

[Mike Torrence]

This looks like the same issue: https://curl.haxx.se/mail/lib-2016-03/0202.html

[Peter Alexander]

Here is my log.
I have no problems visiting https://api2.miktex.org (the page displays a short story), no warnings.
BTW I'm not behind a proxy.

Thank you!

[Eric Shields]

1. Attached is my log
2. "A Short Story" by A. U. Thor Once upon a time, in a distant galaxy called Ööç, there lived a computer named R. J. Drofnats. Mr. Drofnats—or ‟R. J.”, as he preferred to be called—was happiest when he was at work typesetting beautiful documents.
3. I am behind a proxy

[Christian Schenk]

A temporary work-around for this issue is available: it is possible to bypass the HTTPS remote service and use the CTAN multiplexor service (http://mirrors.ctan.org) instead. This can be achieved by setting an environment variable:

set MIKTEX_MPM_REMOTESERVICE6100=multiplexor

[Peter Alexander]

I can confirm that this temporary work-around is working. Thank you!

[Eric Shields]

The temporary work-around is working for me as well. Thanks!

[Ryan Gehmlich]

I can confirm this work-around is also working for me. Thanks!

[NETHeader]

I noticed two errors in the event viewer regarding "scannel":

Ereignis-ID 36888: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 552.

Ereignis-ID 36876: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Maybe not a bug of miktex, but rather of scannel?

Debug log is attached.
https://api2.miktex.org/ is displayed without warnings or errors within Firefox v50.0.2.
Freshly installed basic miktex (basic-miktex-2.9.6161-x64.exe), operating system is Win7 Ultimate 64bit SP1.

[James Blunt]

Update to:
* basic-miktex-2.9.6219-x64.exe

does not help either. Details see:
http://texwelt.de/wissen/fragen/19346/miktex-update-wizard-funktioniert-selbst-mit-quickfix-nicht