Cant Update Rules



  • When updating the rules I get an error saying that "OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.snort.org:443 "

    How can I proceed....?
    (New install)
    See full output below;

    Starting rules update...  Time: 2019-11-20 14:06:58
    	Downloading Emerging Threats Open rules md5 file...
    Starting rules update...  Time: 2019-11-20 14:07:01
    	Downloading Emerging Threats Open rules md5 file...
    	Emerging Threats Open rules md5 download failed.
    	Server returned error code 0.
    	Server error message was: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to rules.emergingthreats.net:443 
    	Emerging Threats Open rules will not be updated.
    	Downloading Snort VRT rules md5 file...
    	Emerging Threats Open rules md5 download failed.
    	Server returned error code 0.
    	Server error message was: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to rules.emergingthreats.net:443 
    	Emerging Threats Open rules will not be updated.
    	Downloading Snort VRT rules md5 file...
    	Snort VRT rules md5 download failed.
    	Server returned error code 0.
    	Server error message was: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.snort.org:443 
    	Snort VRT rules will not be updated.
    	Downloading Snort GPLv2 Community Rules md5 file...
    	Snort VRT rules md5 download failed.
    	Server returned error code 0.
    	Server error message was: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.snort.org:443 
    	Snort VRT rules will not be updated.
    	Downloading Snort GPLv2 Community Rules md5 file...
    	Snort GPLv2 Community Rules md5 download failed.
    	Server returned error code 0.
    	Server error message was: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.snort.org:443 
    	Snort GPLv2 Community Rules will not be updated.
    The Rules update has finished.  Time: 2019-11-20 14:09:59
    


  • Are you running any other packages such as Squid, SquidGuard or pfBlockerNG? If so, one of them could be the source of your issue.

    Are you running any other type of proxy? If so, check there.

    Your error message indicates the curl utility cannot open an SSL connection to the Snort rules site. That site is hosted on AWS infrastructure. Make sure you are not behind a VPN when attempting to update. Many VPN providers have their IP space blocked by many service providers.



  • Thank you so much (again:)...)
    It was the proxy that we use, my problem though was that I white-listed the wrong interface...


Log in to reply