
curl-users

Re: Unable to connect to TLSv1.2 host

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 24 Aug 2015 08:54:31 +0200 (CEST)

On Sun, 23 Aug 2015, Lenny Markus via curl-users wrote:

> This still baffles me. I forced curl to use the exact same settings that work
> with openssl s_client, and I get the same result

curl is probably not doing everything exactly the same as s_client anyway.
There are a bunch of other small details involved too.

This said, lots of people in this thread and myself have already verified that
we can speak with this server fine using curl with openssl and gnutls which
would indicate that this problem is not about curl or openssl specifically, but
about them not working in your particular environment and network. That's
really tricky for us as outsiders to narrow down much further.

> $ curl -vv --tlsv1.2 --cipher ECDHE-RSA-AES256-SHA384
> https://ms136.slack-msgs.com

I don't have to ask for TLS 1.2, curl will speak 1.2 with this server by
default. It will also negotiate ciphers fine by default. My curl invoke with
no extra options gives me:

   " SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384"

(and just as a side-note, -v has only a single level so -v or -vv or -vvv all
have the same effect: they enable verbosity)

> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to ms136.slack-msgs.com:443
> * Closing connection 0

After the client hello, my curl continues:

* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):

... and so on...

I can only repeat what has already been said: Something kills (resets) your
connection after the client hello. I don't know what or why!

-- 
  / daniel.haxx.se
Received on 2015-08-24
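
Added example, not part of the original mail and not curl's own code: a small Python parser for the `curl -v` TLS trace lines quoted above, reporting how far a handshake got so a failing trace can be compared with a working one. The function names and stage labels are assumptions made for this illustration.

```python
import re

# One curl -v TLS trace line, e.g. "* TLSv1.2 (OUT), TLS handshake, Client hello (1):"
TRACE = re.compile(r"^\*\s+\S+\s+\((IN|OUT)\),\s+TLS\s+([^,]+),\s+(.+?)\s+\((\d+)\):\s*$")

# Trace excerpts copied from the mail above (failing client, then working client).
FAILING = """\
> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to ms136.slack-msgs.com:443
> * Closing connection 0
"""
WORKING = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
"""

def parse_trace(text):
    """Return (direction, record kind, message, number) for each trace line."""
    events = []
    for line in text.splitlines():
        m = TRACE.match(line.lstrip("> ").rstrip())  # tolerate e-mail quoting
        if m:
            events.append((m.group(1), m.group(2).strip(), m.group(3), int(m.group(4))))
    return events

def diagnose(text):
    """Classify how far the handshake got, judged only by the trace lines."""
    events = parse_trace(text)
    hello_sent = any(e[0] == "OUT" and e[1] == "handshake" and e[3] == 1 for e in events)
    inbound = [e for e in events if e[0] == "IN"]
    if not hello_sent:
        stage = "no-client-hello"
    elif not inbound:
        stage = "no-server-reply"      # nothing came back after the ClientHello
    elif any(e[1] == "handshake" and e[3] == 20 for e in inbound):
        stage = "handshake-complete"   # the server's Finished (20) arrived
    else:
        stage = "failed-mid-handshake"
    return {"stage": stage, "last": events[-1] if events else None}

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, diagnose(trace))
```

A `no-server-reply` result only says that no inbound TLS record was logged after the client hello; it does not identify what dropped or reset the connection.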