cURL error 56: OpenSSL SSL_read: Connection reset by peer, errno 104

Hi @satbeer, thanks for your message. I’d like to look into the details of the error 56 a little more if possible?

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

Thanks,

Peter.

Sir i have sent you the report on the specified url with my username (satbeer) specified under it.You can check and tell me error sir that why the scan is not working.

Hi @satbeer, thanks for doing that.

I expected to see the cURL error 56 reflected in connecting to our servers or back to your site, but your diagnostic displays a success message for all critical connections.

Can you do the following so I can get the information I need to help you?

• Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
• Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”
  Set “Maximum execution time for each scan stage” to 20 on the options page
• Click to “Save Changes”
• Go to the Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode”
• Click to “Save Changes”.
• Start a new scan
• Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in the post.

On occasion, this fixes it straight away. That’s because adding 20 for the “Maximum execution time for each scan stage” tells the scan to pause every 20 seconds and start again where it left off. If this fixes the issue and scans run again, you can leave all the settings above except for “Enable Debugging Mode”.

Thanks,

Peter.

Thanks for your response sir

After scanning i have get these lines in the log details:

[Jan 26 16:03:49] Quick Scan Complete. Scanned in less than 1 second.
[Jan 26 18:09:14] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=9521f4e1956ef7227567756151498fd40aa36da97f8c54ea17ae797ef549afb370240fba7462ecbb530755dc87fb7534df870a9c9682c3d501e8c8f5634147866a1a06936426aa76c9dc890cc3805cb3&s=eyJ3cCI6IjUuNiIsIndmIjoiNy40LjE0IiwibXMiOmZhbHNlLCJoIjoiaHR0cHM6XC9cL3JhaWxzdXZpZGhhLmNvbSIsInNzbHYiOjI2OTQ4ODI4NywicHYiOiI3LjMuMjYiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xaSIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjYuNDEtODQuMSJ9&betaFeed=0&action=timestamp
[Jan 26 18:10:01] Ajax request received to start scan.
[Jan 26 18:10:01] Entering start scan routine
[Jan 26 18:10:01] Got value from wf config maxExecutionTime: 20
[Jan 26 18:10:01] getMaxExecutionTime() returning config value: 20
[Jan 26 18:10:04] Test result of scan start URL fetch: array ( ‘headers’ => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( ‘data’ => array ( ‘date’ => ‘Tue, 26 Jan 2021 18:10:02 GMT’, ‘server’ => ‘Apache’, ‘x-robots-tag’ => ‘noindex’, ‘x-content-type-options’ => ‘nosniff’, ‘expires’ => ‘Wed, 11 Jan 1984 05:00:00 GMT’, ‘cache-control’ => ‘no-cache, must-revalidate, max-age=0’, ‘x-frame-options’ => ‘SAMEORIGIN’, ‘referrer-policy’ => ‘strict-origin-when-cross-origin’, ‘upgrade’ => ‘h2,h2c’, ‘content-length’ => ’12’, ‘content-type’ => ‘text/html; charset=UTF-8’, ), )), ‘body’ => ‘WFSCANTESTOK’, ‘response’ => array ( ‘code’ => 200, ‘message’ => ‘OK’, ), ‘cookies’ => array ( ), ‘filename’ => NULL, ‘http_response’ => WP_HTTP_Requests_Response::__set_state(array( ‘response’ => Requests_Response::__set_state(array( ‘body’ => ‘WFSCANTESTOK’, ‘raw’ => ‘HTTP/1
[Jan 26 18:10:04] Starting cron with normal ajax at URL https://railsuvidha.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=dae7a66bc0ce6868869ac90e2acbf46d&signature=be9f95ff1fcb1dc1cc9a775ea9dcf320bafd5c0a40fbc97ead0ed107f6a1bda7
[Jan 26 18:10:05] Scan process ended after forking.
[Jan 26 18:10:05] Scan engine received request.
[Jan 26 18:10:05] Verifying start request signature.
[Jan 26 18:10:05] Fetching stored cronkey for comparison.
[Jan 26 18:10:05] Checking cronkey: dae7a66bc0ce6868869ac90e2acbf46d (expecting dae7a66bc0ce6868869ac90e2acbf46d)
[Jan 26 18:10:05] Checking saved cronkey against cronkey param
[Jan 26 18:10:05] Checking if scan is already running
[Jan 26 18:10:05] Using low resource scanning
[Jan 26 18:10:05] Requesting max memory
[Jan 26 18:10:05] Setting up error handling environment
[Jan 26 18:10:05] Setting up scanRunning and starting scan
[Jan 26 18:10:05] Contacting Wordfence to initiate scan
[Jan 26 18:10:05] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=9521f4e1956ef7227567756151498fd40aa36da97f8c54ea17ae797ef549afb370240fba7462ecbb530755dc87fb7534df870a9c9682c3d501e8c8f5634147866a1a06936426aa76c9dc890cc3805cb3&s=eyJ3cCI6IjUuNiIsIndmIjoiNy40LjE0IiwibXMiOmZhbHNlLCJoIjoiaHR0cHM6XC9cL3JhaWxzdXZpZGhhLmNvbSIsInNzbHYiOjI2OTQ4ODI4NywicHYiOiI3LjMuMjYiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xaSIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjYuNDEtODQuMSJ9&betaFeed=0&action=log_scan
[Jan 26 18:10:06] Got value from wf config maxExecutionTime: 20
[Jan 26 18:10:06] getMaxExecutionTime() returning config value: 20
[Jan 26 18:10:12] Total disk space: 1.79 TB — Free disk space: 1.09 TB
[Jan 26 18:10:12] The disk has 1139509.82 MB available
[Jan 26 18:10:12] Including files that are outside the WordPress installation in the scan.
[Jan 26 18:10:12] Getting plugin list from WordPress
[Jan 26 18:10:12] Found 21 plugins
[Jan 26 18:10:12] Getting theme list from WordPress
[Jan 26 18:10:12] Found 4 themes
[Jan 26 18:10:12] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=9521f4e1956ef7227567756151498fd40aa36da97f8c54ea17ae797ef549afb370240fba7462ecbb530755dc87fb7534df870a9c9682c3d501e8c8f5634147866a1a06936426aa76c9dc890cc3805cb3&s=eyJ3cCI6IjUuNiIsIndmIjoiNy40LjE0IiwibXMiOmZhbHNlLCJoIjoiaHR0cHM6XC9cL3JhaWxzdXZpZGhhLmNvbSIsInNzbHYiOjI2OTQ4ODI4NywicHYiOiI3LjMuMjYiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xaSIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjYuNDEtODQuMSJ9&betaFeed=0&action=get_known_files
[Jan 26 18:10:13] Using cached malware prefixes
[Jan 26 18:10:13] Fetching fresh core hashes
[Jan 26 18:10:13] Calling Wordfence API v2.26:https://noc1.wordfence.com/coreHashes.bin
[Jan 26 18:10:13] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=9521f4e1956ef7227567756151498fd40aa36da97f8c54ea17ae797ef549afb370240fba7462ecbb530755dc87fb7534df870a9c9682c3d501e8c8f5634147866a1a06936426aa76c9dc890cc3805cb3&s=eyJ3cCI6IjUuNiIsIndmIjoiNy40LjE0IiwibXMiOmZhbHNlLCJoIjoiaHR0cHM6XC9cL3JhaWxzdXZpZGhhLmNvbSIsInNzbHYiOjI2OTQ4ODI4NywicHYiOiI3LjMuMjYiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xaSIsInN2IjoiQXBhY2hlIiwiZHYiOiI1LjYuNDEtODQuMSJ9&betaFeed=0&action=record_scan_metrics
[Jan 26 18:10:13] Wordfence used 6 MB of memory for scan. Server peak memory usage was: 54.5 MB
[Jan 26 18:10:13] Scan terminated with error: There was an error connecting to the Wordfence scanning servers: cURL error 35: OpenSSL SSL_connect: Connection reset by peer in connection to noc1.wordfence.com:443

But Still sir i am getting the error.

The same problem I faced also including “rules update for the Wordfence Web Application Firewall was unsuccessful”.

I have the same problem on all 3 of my websites and have sent the Diagnostic Report for one of them. The forum name is vshukla.

Please help.

Hi @holidaystory17 & @vshukla,

Please start a new topic as per the forum guidelines and highlight that you have sent diagnostics to support it (if appropriate).

We can better help our customers if topics concentrate on the specific issues for a single user just in case there are differences in the server setups or the solution required. We’ll always be glad to help out!

Thanks,

Peter.

Hi @satbeer,

Thanks for your diagnostics and the additional scan information. It seems quite unusual that your diagnostics are able to connect successfully to the same address that is then reporting a cURL error during scan. Your OpenSSL version also seems to be up-to-date on the server.

If all subsequent scans are still failing with the same error, then please email the scan activity log to wftest @ wordfence . com using “EMAIL ACTIVITY LOG” whilst debugging mode is on, as that will give us as much inforomation as possible.

Thanks again,

Peter.

Hi @wfpeter. Noted. Am starting a separate thread.

Me too.

Thanks Again for your response @peter Sir.
I Have e-mailed you the activity log while the debugging mode is on as per your command.
With this you can tell me sir that why i am getting this Error in the plugin.

• This reply was modified 3 years, 10 months ago by satbeer.

Sir Its a request to you, Can you please reply on my topic.

Hi @satbeer, apologies for the delay, we have been seeing this issue coming in exclusively from your hosting provider so have been attempting to converse with them and other customers seeing the same thing to find suitable resolutions to this issue.

Please can you ask your host if they have an outbound proxy or firewall that might limit or close connections, because outbound connections (in your diagnostic) from your site to noc1.wordfence.com are intermittently failing. Please inform them that these Wordfence servers used to be in the range 69.46.36.0/27 and have recently changed, in case the host had previously whitelisted those and need to whitelist the new IPs, which are 75.2.79.124 and 99.83.193.37.

Thanks,

Peter.

I to this reply from My hosting provider.

__

I have checked the server and could see the Wordfence IPs (75.2.79.124 and 99.83.193.37) are not blocked on our server and can connect to the IPs from the server without any issues. Since your domain is hosted on one of our shared servers, it is not possible to whitelist the IPs on it.

Also, I have checked the domain and it is loading fine from my end.

Hi @holidaystory17,

Please start a new topic as per the forum guidelines and highlight the circumstances of your issue and what you have already tried to resolve it as seen here.

We can better help our customers if topics concentrate on the specific issues for a single user just in case there are differences in the server setups or the solution required. We’ll always be glad to help you.

Thanks,

Peter.