curl-users

curl fails to negotiate TLS handshake with server unless compatible cipher suite is explicitly defined on commandline

From: Jeff Cook <cookiecaper_at_gmail.com>
Date: Fri, 20 Mar 2015 04:15:51 -0400

Unfortunately I can't reveal the actual server used and I don't know
of any other cases where this happens. I understand that may make it
hard to test.

With ./curl_stage --ciphers RC4-SHA:RC4-MD5 -vvv https://example.com -1, I get

> curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

With ./curl_stage --ciphers AES256 -vvv https://example.com -1, I get

>* SSLv3, TLS handshake, Client hello (1):
>* SSLv3, TLS handshake, Server hello (2):
>* SSLv3, TLS handshake, CERT (11):
>* SSLv3, TLS handshake, Server finished (14):
>* SSLv3, TLS handshake, Client key exchange (16):
>* SSLv3, TLS change cipher, Client hello (1):
>* SSLv3, TLS handshake, Finished (20):
>* SSLv3, TLS change cipher, Client hello (1):
>* SSLv3, TLS handshake, Finished (20):
>* SSL connection using AES256-SHA

This behavior is specific to one of the libraries linked against
cURL, but I'm not sure which one.

All machines we have tested except for this one can connect to the
site and behave fine with the simple curl commands above. If I execute
curl_stage on a machine where normal curl behaves well, I get the same
problem, so it's not a network or configuration thing.

Can you help me identify the source of this issue? Shouldn't curl
exhaust its list of potential cipher suites before the server gives up
and sends an RST? The executable in question, statically linked with
all necessary libs by Ermine, is attached. I know that a library is
causing this because it happened both with the custom-built curl here
and the curl from Ubuntu.

Thanks.

Received on 2015-03-20