cURL / Mailing Lists / curl-users / Single Mail

curl-users

Support for SSL V2

From: <Gianpiero_Drovanti_at_fwceu.com>
Date: Wed, 26 Nov 2008 14:53:59 +0100

Dear All,

my corporate auditor is stating that my firewall supports SSL V2 which
reportedly suffers from numerous cryptographic flaws and has been
deprecated for several years.

According to my tests and to literature on my firewall this is not true but
my auditor showed me the following curl command output whch, frankly
speaking, I don't understand:

C:\Users\qzer\>curl -2 -k -vv https://xxx.xxx.xxx.xxx
* About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
* Trying xxx.xxx.xxx.xxx... connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/curl-ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
* SSLv2, Server hello (4):
* SSLv2, Client key (2):
* SSLv2, Client finished (3):
* SSLv2, Server verify (5):
* SSLv2, Server finished (6):
* SSL connection using DES-CBC3-MD5
* Server certificate:
* subject: /O=checkpointmgm..reovye/CN=Checkpoint_cluster VPN
Certificate

* start date: 2004-03-31 08:51:18 GMT
* expire date: 2009-03-31 08:51:18 GMT
* common name: Checkpoint_cluster VPN Certificate (does not match
'xxx.xxx.xxx.xxx')
* issuer: /O=checkpointmgm..reovye
* SSL certificate verify result: unable to get local issuer certificate
(20), co
ntinuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/0.9.8g
zlib/1.
2.3 libssh2/0.15-CVS
> Host: xxx.xxx.xxx.xxx
> Accept: */*
>
* Empty reply from server
* Connection #0 to host xxx.xxx.xxx.xxx left intact
curl: (52) Empty reply from server
* Closing connection #0

I there anybody that can explain me if my auditor succesfully connected to
my servers and give me an explanation for each lines of the command output
?

Thank you and best regards

--------------------------------------------------------------------------
NOTICE: this e-mail and any attachments thereto contain information, which is confidential, proprietary, privileged and/or protected from disclosure by intellectual property rights and are intended for the sole use of the recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any dissemination or copying of this message is strictly prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Although we attempt to sweep e-mail and attachments for viruses, it does not guarantee that either is virus-free and Foster Wheeler organization accept no liability for any damage sustained as a result of viruses.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2008-11-26

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Support for SSL V2"
Previous message: Daniel Stenberg: "Re: Digest authorized"
Next in thread: Daniel Stenberg: "Re: Support for SSL V2"
Reply: Daniel Stenberg: "Re: Support for SSL V2"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]