Re: Curl outputs SSL23_GET_SERVER_HELLO

From: Robert Banfield <rbanfield_at_weogeo.com>
Date: Fri, 26 Mar 2010 11:13:16 -0400

On 03/26/2010 10:44 AM, Daniel Stenberg wrote:
> On Thu, 25 Mar 2010, Robert Banfield wrote:
>
>> Here's the verbose output of when Client1 connects to Server2 using
>> curl and fails:
>
> If you try curl -3 (force SSLv3) on that failing case, does it make
> anything different?
>

I have done some more testing, and made some more observations. SSLv2
was disabled on the server and I have since enabled it. Upon doing so,
all the "openssl s_client" tests passed. The curl test still did *not*
pass though.

I also found and added the -1, -2, and -3 flags to my testing. By
specifying any one of them, the test using curl works fine. Leaving
them off generates the problem. It definitely appears to have something
to do with negotiating which SSL version to use.

I have gone and started the debug level output on the server to find out
the difference between what curl w/ ssl-0.9.8, curl w/ ssl-1.0.0, and
openssl-1.0.0 are on the server side. Here's what I have:

First, the failing test with curl w/ ssl-0.9.8:

[Fri Mar 26 10:48:01 2010] [info] [client (redacted)] Connection to
child 1 established (server (redacted))
[Fri Mar 26 10:48:01 2010] [info] Seeding PRNG with 136 bytes of entropy
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1861): OpenSSL:
Handshake: start
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: before/accept initialization
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
11/11 bytes from BIO#b8ca3c90 [mem: b8cbb908] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
110/110 bytes from BIO#b8ca3c90 [mem: b8cbb916] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1988): [client
(redacted)] No matching SSL virtual host for servername found (using
default/first virtual host)
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1879): OpenSSL:
Write: SSLv3 read client hello C
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 read client hello A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server hello A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write certificate A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1269): [client
(redacted)] handing out temporary 1024 bit DH key
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write key exchange A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server done A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 flush data
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_io.c(1884): OpenSSL: I/O
error, 5 bytes expected to read on BIO#b8ca3c90 [mem: b8cbb90b]
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1898): OpenSSL:
Exit: error in SSLv3 read client certificate A
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1898): OpenSSL:
Exit: error in SSLv3 read client certificate A
[Fri Mar 26 10:48:01 2010] [info] [client (redacted)] (104)Connection
reset by peer: SSL handshake interrupted by system [Hint: Stop button
pressed in browser?!]
[Fri Mar 26 10:48:01 2010] [info] [client (redacted)] Connection closed
to child 1 with abortive shutdown (server (redacted):443)

The successful test with "openssl s_client ..."

[Fri Mar 26 10:46:03 2010] [info] [client (redacted)] Connection to
child 0 established (server (redacted):443)
[Fri Mar 26 10:46:03 2010] [info] Seeding PRNG with 136 bytes of entropy
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1861): OpenSSL:
Handshake: start
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: before/accept initialization
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
11/11 bytes from BIO#b8ca3c90 [mem: b8cbb908] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
116/116 bytes from BIO#b8ca3c90 [mem: b8cbb913] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 read client hello A
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server hello A
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write certificate A
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1269): [client
(redacted)] handing out temporary 1024 bit DH key
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write key exchange A
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server done A
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 flush data
[Fri Mar 26 10:46:03 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
5/5 bytes from BIO#b8ca3c90 [mem: b8cbb90b]

The successful test with curl w/ ssl-1.0.0

[Fri Mar 26 10:48:31 2010] [info] [client (redacted)] Connection to
child 2 established (server (redacted):443)
[Fri Mar 26 10:48:31 2010] [info] Seeding PRNG with 136 bytes of entropy
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1861): OpenSSL:
Handshake: start
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: before/accept initialization
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
11/11 bytes from BIO#b8ca3c90 [mem: b8cbb908] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
222/222 bytes from BIO#b8ca3c90 [mem: b8cbb916] (BIO dump follows)
(BIO dump removed)
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1988): [client
(redacted)] No matching SSL virtual host for servername
rbanfield.weogeo.net found (using default/first virtual host)
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1879): OpenSSL:
Write: SSLv3 read client hello C
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 read client hello A
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server hello A
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write certificate A
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1269): [client
(redacted)] handing out temporary 1024 bit DH key
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write key exchange A
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 write server done A
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 flush data
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
5/5 bytes from BIO#b8ca3c90 [mem: b8cbb90b] (BIO dump follows)

Received on 2010-03-26
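
Added example (not part of the original mail, and not curl or mod_ssl code): a small parser that does the comparison the post makes by eye, rejoining the mail-wrapped mod_ssl debug entries and reporting the first handshake step where a failing trace stops matching a working one. The function names and the abridged sample traces are constructed for illustration.

```python
import re

# Constructed sample: abridged from the two curl traces in the post, keeping
# the mail wrapping so the rejoin step is exercised.
FAILING = """\
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
110/110 bytes from BIO#b8ca3c90 [mem: b8cbb916] (BIO dump follows)
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 flush data
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_io.c(1884): OpenSSL: I/O
error, 5 bytes expected to read on BIO#b8ca3c90 [mem: b8cbb90b]
[Fri Mar 26 10:48:01 2010] [debug] ssl_engine_kernel.c(1898): OpenSSL:
Exit: error in SSLv3 read client certificate A
"""
WORKING = """\
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
222/222 bytes from BIO#b8ca3c90 [mem: b8cbb916] (BIO dump follows)
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_kernel.c(1869): OpenSSL:
Loop: SSLv3 flush data
[Fri Mar 26 10:48:31 2010] [debug] ssl_engine_io.c(1873): OpenSSL: read
5/5 bytes from BIO#b8ca3c90 [mem: b8cbb90b] (BIO dump follows)
"""
ENTRY = re.compile(r"^\[[^\]]+\] \[\w+\] ")  # timestamp + level starts an entry
EVENT = re.compile(r"OpenSSL: (?:(Loop|Write|Exit): (.+)|read (\d+)/\d+ bytes"
                   r"|I/O error, (\d+) bytes expected)")

def events(log):
    """Rejoin wrapped entries, then reduce each to a (kind, detail) event."""
    entries = []
    for line in log.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line.strip()
    out = []
    for m in filter(None, map(EVENT.search, entries)):
        state, detail, nread, nwant = m.groups()
        if state:
            out.append((state.lower(), detail.strip()))
        else:
            out.append(("read", int(nread)) if nread else ("io_error", int(nwant)))
    return out

def first_divergence(a, b):
    """First index where kind or state name differ; read sizes are ignored
    because the post's three clients send hellos of 110, 116 and 222 bytes."""
    key = lambda ev: ev[0] if ev[0] == "read" else ev
    return next(((i, x, y) for i, (x, y) in enumerate(zip(a, b))
                 if key(x) != key(y)), None)
```

Calling first_divergence(events(FAILING), events(WORKING)) points at the step right after "SSLv3 flush data": the working client's 5-byte read succeeds, while the failing client's connection yields an I/O error at the same point.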