curl-users

Curl outputs SSL23_GET_SERVER_HELLO

From: Robert Banfield <rbanfield_at_weogeo.com>
Date: Thu, 25 Mar 2010 17:15:42 -0400

The basic premise of this is that after upgrading our webserver to
Fedora 12 which uses openssl 1.0.0 beta 4, our curl client can no longer
complete the ssl handshake unless it is also compiled with openssl 1.0.0
beta 4. Though this might immediately sound like an openssl problem,
there are some oddities...

In all the tests I'm including below, the curl version used is 7.20.0.
It's worth noting though that I have tried some versions of 7.19.x and
found the same behavior. I've also tried older versions of SSL
0.9.8(k-m) on the client with similar results. My client is compiled by
me using the same configure flags for each version, and the server
versions are from Fedora rpms.

Client1: Fedora 12, Curl=7.20.0, SSL=0.9.8n
Client2: Fedora 12, Curl=7.20.0, SSL=1.0.0beta4
Server1: Fedora 10, Apache=2.2.14, SSL=0.9.8g
Server2: Fedora 12, Apache=2.2.14, SSL=1.0.0beta4

Test using "curl -k https://..."

(Client1 -> Server1) WORKS
(Client2 -> Server1) WORKS
(Client1 -> Server2) curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
(Client2 -> Server2) WORKS

Test using "openssl s_client -connect ...:443"

(Client1 -> Server1) WORKS
(Client2 -> Server1) WORKS
(Client1 -> Server2) WORKS
(Client2 -> Server2) WORKS

Test using "openssl s_client -connect ...:443 -ssl2"
(Client1 -> Server1) 2060:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
(Client2 -> Server1) WORKS
(Client1 -> Server2) 2069:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
(Client2 -> Server2) WORKS

Test using "openssl s_client -connect ...:443 -ssl3"
(Client1 -> Server1) WORKS
(Client2 -> Server1) WORKS
(Client1 -> Server2) WORKS
(Client2 -> Server2) WORKS

I was almost excited when forcing the use of ssl2 caused Client1 to fail
communicating to Server2, but that was tempered when Client1 also failed
to communicate to Server1 using only ssl2. Client1 completes the
handshake just fine though when not forcing the use of ssl2.

Here's the verbose output of when Client1 connects to Server2 using curl
and fails:

* About to connect() to [] port 443 (#0)
* Trying []... connected
* Connected to [] ([]) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)
* Closing connection #0
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

I'm happy to provide any further assistance that I can in beating this.
Please let me know what else I can do.
Received on 2010-03-25
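
Added example, not part of the original message and not curl or OpenSSL code: a decoder for the packed OpenSSL error codes quoted in the message above. It assumes the OpenSSL 0.9.8/1.0.x ERR_PACK layout (8-bit library, 12-bit function, 12-bit reason) and that libssl reasons of 1000 or more are 1000 plus the number of a TLS alert received from the peer; the function name and the alert table subset are this example's own.

```python
import re

# Layout of an OpenSSL 0.9.8/1.0.x error code (ERR_PACK in err.h):
# bits 31-24 library, bits 23-12 function, bits 11-0 reason.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ERR_LIB_SSL = 20             # library number of libssl
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + TLS alert number

# Subset of TLS alert descriptions (RFC 5246 and RFC 6066); extend as needed.
TLS_ALERTS = {
    10: "unexpected_message",
    40: "handshake_failure",
    70: "protocol_version",
    80: "internal_error",
    112: "unrecognized_name",
}

def decode_openssl_error(line):
    """Split the packed code in an 'error:XXXXXXXX:' line into its fields.

    Returns None when the line carries no packed error code.
    """
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = (number, TLS_ALERTS.get(number, "unknown alert"))
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert}

# The two distinct error lines quoted in the message above, plus one
# line without an error code to show the no-match case.
SAMPLES = [
    "curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)",
    "2060:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:",
    "* Closing connection #0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_openssl_error(line), "<-", line)
```

For the failing Client1 -> Server2 curl case, reason 1112 decodes to alert 112, unrecognized_name, the alert defined for the server_name (SNI) extension; the -ssl2 failures carry reason 229, which is a local libssl reason and not a peer alert.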