cURL / Mailing Lists / curl-users / Single Mail

curl-users

Cannot communicate securely with peer: no common encryption algorithm

From: Rhys Evans <rhys.evans_at_redblade.co.uk>
Date: Tue, 2 Dec 2014 12:29:44 +0000

Firstly thanks in advance for any help provided

I am having an issue using curl on a specific website we host (but a third party app), I keep getting the following

[root_at_01 user]# curl --version
curl 7.39.0 (x86_64-redhat-linux-gnu) libcurl/7.39.0 NSS/3.16.2 Basic ECC zlib/1
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz Meta
[root@01 user]# curl -vvv https://website
* Rebuilt URL to: https://website/
* Hostname was NOT found in DNS cache
* Trying websiteip...
* Connected to monitor.redclient.net (websiteip) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm

I am able to connect using openssl via openssl s_client -connect website:443 this connects using TLS1.2 and ECDHE-RSA-AES256-GCM-SHA384

The sites accepted ciphers are listed below

    Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA
    Accepted TLS11 256 bits ECDHE-RSA-AES256-SHA
    Accepted TLS12 256 bits ECDHE-RSA-AES256-GCM-SHA384
    Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA384
    Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA
    Accepted TLS12 128 bits ECDHE-RSA-AES128-GCM-SHA256

I am running Centos 7 (if I downgrade curl (to the dist version) I get the same issue)

Any ideas as to why this doesn't work ?

Thanks

Rhys Evans
Technical Consultant

Redblade Ltd is a Limited Company, registered in England and Wales, no: 5821834 Registered Office: Southbank House, Black Prince Road, Vauxhall, London, SE1 7SJ This email and its content are subject to the disclaimer as displayed at the following link http://www.redblade.co.uk/disclaimer/

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-12-02

This message: [ Message body ]
Next message: Kamil Dudka: "Re: Cannot communicate securely with peer: no common encryption algorithm"
Previous message: Lord Viper: "There could be something wrong w/ "-k" option in version "libcurl/7.36.0 ""
Next in thread: Kamil Dudka: "Re: Cannot communicate securely with peer: no common encryption algorithm"
Reply: Kamil Dudka: "Re: Cannot communicate securely with peer: no common encryption algorithm"
Maybe reply: Daniel Stenberg: "RE: Cannot communicate securely with peer: no common encryption algorithm"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]