cURL / Mailing Lists / curl-users / Single Mail

curl-users

curl not using tls even if told to do so

From: George <izghitu_at_gmail.com>
Date: Tue, 4 Nov 2014 16:06:48 +0000

Hi,

I am trying to connect to a remote host using curl. The remote host
supports only tlsv1.2 and the RC4-SHA cipher. It does not support NSS,
only OpenSSL.

The default curl that comes with CentOS 7(the one I am using) was
using NSS so that didn't work for me.

Now I got the latest curl from git and manually compiled it with
support of openssl and without nss. My curl -V output is:
curl 7.38.1-DEV (x86_64-unknown-linux-gnu) libcurl/7.38.1-DEV
OpenSSL/1.0.1e zlib/1.2.7 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
rtsp scp sftp smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz

I am running curl like this:
/usr/local/bin/curl -v --tlsv1.2 --cipher RC4-SHA --key ./somekey.pem
--cert ./somecert.crt https://somedomain.com/somepath

But the strange thing is that from the verbose output I can see that
curl is still trying to connect with SSLv3 which is not available:
* Hostname was NOT found in DNS cache
* Trying 1.1.1.1...
* Connected to somedomain.com (1.1.1.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure

So why does curl refuse to use tlsv1.2 even if told to do so?

Please help
Thanks
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-11-04