curl-users
Re: SSL Error connecting to cia.gov
Date: Tue, 23 Oct 2007 14:29:59 -0400
Thanks! I will take my inquiry to the OpenSSL list.
-Jake
Zvi Har'El wrote:
> This is apparently has nothing to do with curl. I got the same
> intermittent errors with lynx, w3m, wget, you name it. I am using
> OpenSSL 0.9.8g 19 Oct 2007.
>
> On 23/10/07 18:27, Jake Goulding wrote:
>
>> Hey all:
>>
>> We use curl to retrieve webpages, and recently started receiving an
>> intermittent (40-60% of the time) error when retrieving a page from the
>> CIA. About two weeks ago, they switched to running https only, with the
>> http URLs being forwarded to the https equivalents.
>>
>> The error we receive is:
>>
>> $ curl 'https://www.cia.gov/about-cia/faqs/'
>> curl: (35) Unknown SSL protocol error in connection to www.cia.gov:443
>>
>> Using the --trace option, I see this:
>>
>> == Info: About to connect() to www.cia.gov port 443 (#0)
>> == Info: Trying 198.81.129.100... == Info: connected
>> == Info: Connected to www.cia.gov (198.81.129.100) port 443 (#0)
>> == Info: successfully set certificate verify locations:
>> == Info: CAfile: /etc/ssl/certs/ca-certificates.crt
>> CApath: none
>> == Info: SSLv2, Client hello (1):
>> => Send SSL data, 124 bytes (0x7c)
>> 0000: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 ....c......9..8.
>> 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..............
>> 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .........3..2../
>> 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A.......
>> 0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................
>> 0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
>> 0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff ................
>> 0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y........
>> == Info: Unknown SSL protocol error in connection to www.cia.gov:443
>> == Info: Closing connection #0
>>
>> Unfortunately, I don't grok SSL hex :-).
>>
>> I have tried this and received the same error with the following versions:
>> curl-7.12.1-8.rhel4 / openssl-0.9.7a-43.14
>> curl-7.12.1-11.el4 / openssl-0.9.7a-43.16
>> curl-7.16.1 / openssl-0.9.8e
>> curl-7.17.0 / openssl-0.9.8f
>>
>> Firefox does not seem to have any issues with this page.
>>
>> Any help would be greatly appreciated. Please let me know if I can
>> provide more information.
>>
>> Thanks!
>>
>> -Jake
>>
>
Received on 2007-10-23