Hello,

we have a server that requires TLS1.2. Since we are working on ubuntu 11.04 we need to update openssl and curl to appropriate versions.

We downloaded openssl and curl, build openssl and curl against it. Verified that using ldd.

When we run openssl to test TLS1.2 it works. It works against our server.

But when we run curl, using --tls1.2 as command line parameter, it will either say it does not recoqnise the option (I assume that there is an order dependency on the parameters?)
OR it will accept all parameters, but then it will use SSLv3.

The command we run is:

./curl https://someserver --cacert some.crt --cert some.pem --tlsv1.2 --verbose

Output:
<cut>
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
<cut>

(No mentioning of TLS1.2 anywhere)

Other command:

./curl https://someserver --cacert some.crt --cert some.pem --tlsv1.2
curl: (35) Unknown SSL protocol error in connection to someserver:443

So my question is, does --tlsv1.2 really work? What might we be doing wrong?

ubuntu 12.04 64bit
curl 7.35,
OpenSSL 1.0.1 14 Mar 2012 (Library: OpenSSL 1.0.1f 6 Jan 2014)

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-04-08