cURL / Mailing Lists / curl-users / Single Mail

curl-users

ssl handshake failure with xfb gateway ftps server

From: Gilles Hamel <hamelg_at_laposte.net>
Date: Mon, 20 Jul 2009 22:16:38 +0200

Hello,

We are trying to use curl ftps client with a xfb gateway server. Here is
the options we are using :

verbose
insecure
ftp-ssl
disable-epsv
ftp-pasv
tlsv1
url=ftp://bief.xxxx.fr/test.txt

None supported ssl stack (openssl, gnutls and nss) works : we get the
same error about handshake failure. Curl and the xfb gateway server give
us no clue about the issue, just 'handshake has failed' and nothing
about the root cause.
I suspect the private implementation of ssl stack on the server is not
fully compliant with modern open ssl stacks, but how to diagnose it ?

## with openssl stack
curl 7.19.5 (i686-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8k zlib/1.2.3.3
Protocols: tftp ftp telnet dict http file https ftps
Features: IPv6 Largefile NTLM SSL libz

* About to connect() to bief.xxxx.fr port 21 (#0)
* Trying 81.255.99.99... connected
* Connected to bief.xxxx.fr (81.255.99.99) port 21 (#0)
< 220 Welcome to XFB Gateway FTP server
> AUTH SSL
< 234 AUTH command OK, waiting handshake
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure

## with gnutls
curl 7.19.5 (i686-pc-linux-gnu) libcurl/7.19.5 GnuTLS/2.8.1 zlib/1.2.3.3
libidn/1.15
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: IDN Largefile NTLM SSL libz

* About to connect() to bief.xxxx.fr port 21 (#0)
* Trying 81.255.99.99... connected
* Connected to bief.xxxx.fr (81.255.99.99) port 21 (#0)
< 220 Welcome to XFB Gateway FTP server
> AUTH SSL
< 234 AUTH command OK, waiting handshake
* found 142 certificates in /etc/ssl/certs/ca-certificates.crt
* gnutls_handshake() failed: A TLS fatal alert has been received.
* Closing connection #0
curl: (35) gnutls_handshake() failed: A TLS fatal alert has been received.

Thank you
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-07-20