curl-users
Re: FTPS session failure - SSLv3, TLS :- Unknown SSL protocol error in connection to 159.1.1.1:21
Date: Wed, 13 Oct 2010 11:07:02 +0200
> Dear All,
>
> This morning our curl FTPS session failed with the error message:
>
> * SSLv3, TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to 123.1.1.1:21
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21
>
> The full command is: (Real IP and username/password strings replaced).
> # curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21
>
> I searched a little and found that this could be caused by one of
> these (but perhaps something else):-
>
> * The Destination Site Does Not Like the Protocol
> * The Destination Site Does Not Like the Cipher
> * The SSL Private Key Has Expired
>
>
> I looked in /etc/ssl/certs and could not see any particular keys for
> this site we are sending to. From the curl command I cannot see any
> reference to call a specific SSL key, so wonder if we are even using one.
>
> I did an strace to try and see what it was opening, but saw nothing:-
> # strace -fF curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21 2>&1 | grep open
>
>
> The third party server we send files to is a government office, and we
> shall be penalised for delivery failures. Obviously, I am under a
> little stress. I have contacted said government dept., asking them
> whether anything has changed, but don't expect to hear a lot since
> their Helpdesk takes 24 hours to respond. Long live the government
> and taxation . . .
>
> I am at a loss. Can someone suggest how I could identify this problem.
>
> Best regards, J.
>
>
> Appendix:
> The full command and results are here:
> # curl -v -s -S -k --ftp-pasv --ftp-skip-pasv-ip --ftp-ssl --ftp-ssl-ccc -u NNN:NNN ftp://123.1.1.1:21 -T xn112_13102010.csv.gz.gpg
> * About to connect() to 123.1.1.1 port 21 (#0)
> * Trying 123.1.1.1... connected
> * Connected to 123.1.1.1 (123.1.1.1) port 21 (#0)
> < 220-Security Notice
> < 220-You are about to access a secured resource. NNN Aanbieders Portaal
> < 220-reserves the right to monitor and/or limit access to this resource at
> < 220 any time.
> > AUTH SSL
> < 234 SSL enabled start the negotiation
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs/
> * SSLv3, TLS handshake, Client hello (1):
> } [data not shown]
> * Unknown SSL protocol error in connection to 123.1.1.1:21
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>
I forgot to mention the version numbers of curl & openssl, uname, etc in
case this helps, but I doubt this'll help because nothing has changed in
the past year.
# curl --version
curl 7.19.0 (i686-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8h zlib/1.2.3 libidn/1.10
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz
# rpm -qv libcurl4
libcurl4-7.19.0-11.20
# openssl
OpenSSL> version
OpenSSL 0.9.8h 28 May 2008
# uname -a
Linux a446 2.6.27.19-5-pae #1 SMP 2009-02-28 04:40:21 +0100 i686 i686 i386 GNU/Linux
SLES 11.0 i586
Received on 2010-10-13
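
Added example, not part of the original message and not curl project code: a small triage of the verbose trace quoted above, reporting how far the explicit-FTPS negotiation got before curl gave up. The function name triage and the stage labels are hypothetical; the trace is the one from the post with the mail quoting removed.

```python
import re

# Verbose output from the post, mail quoting removed (addresses already masked there).
TRACE = """\
* Connected to 123.1.1.1 (123.1.1.1) port 21 (#0)
< 220 any time.
> AUTH SSL
< 234 SSL enabled start the negotiation
* successfully set certificate verify locations:
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* Unknown SSL protocol error in connection to 123.1.1.1:21
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to 123.1.1.1:21
"""

# curl prints the TLS handshake message type in parentheses:
# 1 = ClientHello, 2 = ServerHello.
HANDSHAKE = re.compile(r"^\* .*TLS handshake, .*\((\d+)\):")


def triage(trace):
    """Return (stage, note) for how far an explicit-FTPS curl -v trace got."""
    auth_sent = auth_ok = False
    types = set()
    for line in trace.splitlines():
        if line.startswith("> AUTH "):
            auth_sent = True
        elif auth_sent and line.startswith("< 234"):
            auth_ok = True
        else:
            m = HANDSHAKE.match(line)
            if m:
                types.add(int(m.group(1)))
    if not auth_ok:
        return ("auth-not-accepted", "server did not answer AUTH with 234; TLS never started")
    if 1 not in types:
        return ("no-client-hello", "AUTH accepted but no ClientHello logged")
    if 2 not in types:
        return ("no-server-hello", "ClientHello sent, no ServerHello logged: the "
                "failure precedes certificate exchange, so the CA path and -k "
                "played no part; compare offered protocol/ciphers with the server")
    return ("server-hello-seen", "negotiation began; look at later handshake lines")


if __name__ == "__main__":
    print(*triage(TRACE), sep=": ")
```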