Photoshop API SSL error server-to-server

When you are trying to connect photoshop to the authorization service from a remote server, that is located in Germany and getting an SSL handshake error and this error is occurs when a secure connection between a server and a client fails to establish.During an SSL handshake the client & server establish an encryption connection and use digital certificates to verify each other’s identities. 

The most common reasons are certificate errors, incompatible protocols or cipher suites, incorrect server name indication (SNI), Firewall or NAT issues, time synchronization errors, new plugins or extensions that have been installed, and Malware or virus infections, etc. The different ways to fix the error solution is as:-

1.Correct the System Date and Time

2. Update Your Web Browser

3. Check that your browser supports the most recent TLS protocol

4. Check whether the certificate is valid or not

5. Check Your Server Configuration

6. Use Compatible Ciphers

I hope it helps!

It appears that you are having an SSL problem while attempting to connect to the Adobe authorization service from your remote server in Germany (Note: Location Mentioned As Per Question). The error indicates that there was an issue with the SSL handshake during the connection attempt.

Here are some steps you can use to troubleshoot and resolve the problem:

Check SSL/TLS Versions:

Make that your Python environment on the remote server supports the SSL/TLS versions required by the Adobe authorization service. You may need to update your Python version or alter your SSL/TLS settings.

Verify CA Certificates:

Confirm that your server's CA certificates are up to current. The error notice indicates that the certificate locations have been correctly set, but it is still a good idea to check for any issues with the CA certificates.

Check Server Connectivity:

To test connectivity to the Adobe authorization service, run the curl command. Based on the information you supplied, it appears that there may be an issue connecting to ims-na1.adobelogin.com. Check that your server can access Adobe's servers and that there are no network difficulties.

Firewall and Security Software:

Check that your server's outgoing connections are not being blocked by firewalls or other security tools. Check the server-side and network-level firewalls to make sure they are not interfering.

Verify IP Whitelisting:

Some services, such as Adobe, may require IP whitelisting in order to communicate with other servers. Confirm that your server's IP address (91.107.225.32) is whitelisted by Adobe Side.

SSL Debugging:

Enable SSL debugging in Python to obtain more information about the SSL handshake procedure. You can accomplish this by setting the PYTHONHTTPSVERIFY environment variable to zero before initiating the request. This can provide extra information about the SSL error.

----------------------------

Python Code:

import os
os.environ['PYTHONHTTPSVERIFY'] = '0'

----------------------------

Add this code before making the request, and then check the additional output for any SSL-related problems.

Contact Adobe Support:

If the problem persists, consider contacting Adobe support for help. They may have specific tips or insights into the mistake you're experiencing.

Remember to apply modifications carefully, especially when altering SSL/TLS configurations, and to ensure that your activities are consistent with security best practices.

-------------------------------------------------------------

To know more about SSL Handshake Errors 525 check the Blog:
https://www.cheapsslshop.com/blog/how-to-fix-ssl-handshake-failed-error-code-525  

-------------------------------------------------------------

Honestly I wouldn't know what to suggest outside of Googling, for example: https://stackoverflow.com/questions/45300911/curl-35-openssl-ssl-connect-ssl-error-syscall-in-connection-to-domain-com44. There is an internal Slack for our service, will try to raise this here and see. 

Let me make it clear that the main service is available and responding, everything is fine.
Any other vendor works as well.

The only problem is with the authorization service because it cuts the connection.
If the problem is on our side, please specify what can cause it?

That's weird. But I have to say, if it works for one machine, and not the other, the problem has to be on your end somehow, right? (To be clear, not trying to deflect the blame here, but technically it does seem as if it's something machine specific.)

No proxy or VPN, the scheme is standard:
Load balancer -> nginx ingress -> service.
At the same time on another server in our Kubernetes cluster works fine without problems
But note that they do not respond to only one server!

Cool, and is there any kind of proxy or vpn involved?

Yes, we can't make a request via curl.
This problem is only in the service for obtaining an authorization token. 
On other requests, they send us a code 400, etc..., that there is no authorized token when sending the request.
(i.e. everything works as it should)

Also, are you behind a proxy server?

I want to make sure I'm reading right - so you can't even do a curl w/o an error?