curl-users

FTPS session failure - SSLv3, TLS :- Unknown SSL protocol error in connection to 159.1.1.1:21

From: J4 <junk4_at_klunky.co.uk>
Date: Wed, 13 Oct 2010 10:17:46 +0200

Dear All,

    This morning our curl FTPS session failed with the error message:

* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 123.1.1.1:21
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21

The full command is: (Real IP and username/password strings replaced).
# curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21

I searched a little and found that this could be caused by one of these
(but perhaps something else):-

    * The Destination Site Does Not Like the Protocol
    * The Destination Site Does Not Like the Cipher
    * The SSL Private Key Has Expired

I looked in /etc/ssl/certs and could not see any particular keys for
this site we are sending to. From the curl command I cannot see any
reference to call a specific SSL key, so wonder if we are even using one.

I did an strace to try and see what it was opening, but saw nothing:-
# strace -fF curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21 2>&1 | grep open

The third party server we send files to is a government office, and we
shall be penalised for delivery failures. Obviously, I am under a little
stress. I have contacted said government dept., asking them whether
anything has changed, but don't expect to hear a lot since their
Helpdesk takes 24 hours to respond. Long live the government and
taxation . . .

I am at a loss. Can someone suggest how I could identify this problem?

Best regards, J.

Appendix:
The full command and results are here:
# curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21 -T xn112_13102010.csv.gz.gpg
* About to connect() to 123.1.1.1 port 21 (#0)
* Trying 123.1.1.1... connected
* Connected to 123.1.1.1 (123.1.1.1) port 21 (#0)
< 220-Security Notice
< 220-You are about to access a secured resource. NNN Aanbieders Portaal
< 220-reserves the right to monitor and/or limit access to this resource at
< 220 any time.
> AUTH SSL
< 234 SSL enabled start the negotiation
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* Unknown SSL protocol error in connection to 123.1.1.1:21
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21

Received on 2010-10-13
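
An added example, not part of the original message and not curl's own code: a small Python classifier that reads a `curl -v` transcript like the one above and names the stage at which the explicit-FTPS upgrade stopped. The function names and stage labels are hypothetical; the sample lines are taken from the transcript quoted in the message.

```python
import re

# Constructed sample: the tail of the verbose transcript quoted in the message.
SAMPLE = """\
> AUTH SSL
< 234 SSL enabled start the negotiation
* successfully set certificate verify locations:
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* Unknown SSL protocol error in connection to 123.1.1.1:21
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21
"""

AUTH_CMD = re.compile(r"^> AUTH (SSL|TLS)\b")
FTP_REPLY = re.compile(r"^< (\d{3})[ -]")
# curl prints the TLS handshake message type number in parentheses.
HANDSHAKE = re.compile(r"^\* .*TLS handshake, .*\((\d+)\):")
CLIENT_HELLO, SERVER_HELLO, FINISHED = 1, 2, 20

def summarize(transcript):
    """Collect the AUTH reply code and the handshake message types seen."""
    auth_reply, awaiting, seen = None, False, []
    for line in transcript.splitlines():
        if AUTH_CMD.match(line):
            awaiting = True
        elif awaiting and (m := FTP_REPLY.match(line)):
            auth_reply, awaiting = int(m.group(1)), False
        elif m := HANDSHAKE.match(line):
            seen.append(int(m.group(1)))
    return auth_reply, seen

def failure_stage(transcript):
    """Name the point at which the explicit-FTPS upgrade stopped."""
    auth_reply, seen = summarize(transcript)
    if auth_reply is None:
        return "auth-not-attempted"
    if auth_reply != 234:
        return "auth-refused"          # server declined AUTH SSL/TLS
    if CLIENT_HELLO not in seen:
        return "hello-not-sent"
    if SERVER_HELLO not in seen:
        # Server never answered the hello: no certificate was exchanged yet,
        # so local CA files and -k are not involved at this stage.
        return "no-server-hello"
    if FINISHED not in seen:
        return "handshake-incomplete"  # failed during cert/key exchange
    return "handshake-complete"

if __name__ == "__main__":
    print(failure_stage(SAMPLE))
```

For the transcript in this message the result is `no-server-hello`: the server accepted `AUTH SSL` with 234 but the connection failed before any Server hello was logged.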