curl-users
SSLv2 still being used in 7.19.2?
Date: Tue, 10 Feb 2009 18:37:14 -0800 (PST)
I thought SSLv2 was disabled from 7.18.1 onwards
The following trace shows SSLv2 being used for the initial handshake
did I miss something?
curl https://www.chinatrust.com.tw -v
* About to connect() to www.chinatrust.com.tw port 443 (#0)
* Trying 203.66.181.190... connected
* Connected to www.chinatrust.com.tw (203.66.181.190) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/ca-bundle.crt.20081031
CApath: none
* SSLv2, Client hello (1):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
BTW, everything works fine if I force SSLv3 as in:
curl https://www.chinatrust.com.tw -v -3
Regards
FB
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-02-11