curl-users
Re: Unable to connect to TLSv1.2 host
Date: Mon, 24 Aug 2015 07:23:32 -0700
> On Aug 23, 2015, at 11:54 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
>> On Sun, 23 Aug 2015, Lenny Markus via curl-users wrote:
>>
>> This still baffles me.I forced curl to use the exact same settings that work with openssl s_client, and I get the same result
>
> curl is probably not doing everything exactly the same as s_client anyway. There are a bunch of other small details involved too.
>
> This said, lots of people in this thread and myself have already verified that we can speak with this server fine using curl with openssl and gnutls which would indicate that this problem is not about curl or openssl specificly, but about them not working in your particular environment and network. That's really tricky for us as outsiders to narrow down much further.
>
>> $ curl -vv --tlsv1.2 --cipher ECDHE-RSA-AES256-SHA384
>> https://ms136.slack-msgs.com
>
> I don't have to ask for TLS 1.2, curl will speak 1.2 with this server by default. It will also negotatiate ciphers fine by default. My curl invoke with no extra options gives me:
>
> " SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384"
>
> (and just as a side-note, -v has only a single level so -v or -vv or -vvv all have the same effect: they enable verbosity)
>
>> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>> * Unknown SSL protocol error in connection to ms136.slack-msgs.com:443
>> * Closing connection 0
>
> After the client hello, my curl continues:
>
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
>
> ... and so on...
>
> I can only repeat what has already been said: Something kills (resets) your connection after the client hello. I don't know what or why!
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.
Fair enough. I'll start moving up the network then to see if I can find a root cause.
Thanks for the help!
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-08-24