curl-users

On Windows behind a proxy, curl 7.22 works but 7.45 gives "Unknown SSL protocol error" unless a cipher is specified

From: Bruce Cartland <bruce.cartland_at_pobox.com>
Date: Wed, 14 Oct 2015 17:32:40 +1100

If I use curl version 7.22 the following works:
* curl22 --proxy domain\usr:pwd@proxy.machine:8080 https://thirdparty.authentication.business.gov.au --verbose

If I use curl version 7.45 with the cipher arg it works:
* curl45 --proxy domain\usr:pwd@proxy.machine:8080 https://thirdparty.authentication.business.gov.au --verbose --ciphers AES256-SHA

However, if I use curl version 7.45 the following fails (no cipher arg):
* curl45 --proxy domain\usr:pwd@proxy.machine:8080 https://thirdparty.authentication.business.gov.au --verbose

It does however work when there is no proxy or I try another site with
the proxy e.g. https://www.google.com.au

Rather confusing. Any suggestions would be appreciated.

This FAILS (7.45) ====================================

* Rebuilt URL to: https://thirdparty.authentication.business.gov.au/
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Trying 10.15.14.1...
* Connected to proxy.machine (10.15.14.1) port 8080 (#0)
* Establish HTTP proxy tunnel to thirdparty.authentication.business.gov.au:443
* Proxy auth using Basic with user 'domain\usr'
> CONNECT thirdparty.authentication.business.gov.au:443 HTTP/1.1
> Host: thirdparty.authentication.business.gov.au:443
> Proxy-Authorization: Basic ABCDEF==
> User-Agent: curl/7.45.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: D:\pf\curl\22\curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Unknown SSL protocol error in connection to thirdparty.authentication.business.gov.au:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to thirdparty.authentication.business.gov.au:443

====================================

This WORKS (7.22) ====================================

* About to connect() to proxy proxy.machine port 8080 (#0)
* Trying 10.15.14.1...
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
connected
* Establish HTTP proxy tunnel to thirdparty.authentication.business.gov.au:443
* Proxy auth using Basic with user 'domain\usr'
> CONNECT thirdparty.authentication.business.gov.au:443 HTTP/1.1
> Host: thirdparty.authentication.business.gov.au:443
> Proxy-Authorization: Basic ABCDEF==
> User-Agent: curl/7.22.0 (amd64-pc-win32) libcurl/7.22.0 OpenSSL/0.9.8r zlib/1.2.5
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: D:\pf\curl\22\curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using AES256-SHA
* Server certificate:
* subject: 1.3.6.1.4.1.311.60.2.1.3=AU; businessCategory=Government Entity; serialNumber=74 599 608 295; C=AU; postalCode=2600; ST=Australian Capital Territory; L=Canberra; street=10 Binara Street; O=Department of Industry; OU=VANguard; CN=thirdparty.authentication.
* start date: 2014-05-27 00:00:00 GMT
* expire date: 2016-05-27 23:59:59 GMT
* subjectAltName: thirdparty.authentication.business.gov.au matched
* issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 EV SSL CA - G3
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (amd64-pc-win32) libcurl/7.22.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: thirdparty.authentication.business.gov.au
> Accept: */*
>
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
< HTTP/1.1 302 Redirect
< Content-Type: text/html; charset=UTF-8
< Location: http://vanguard.business.gov.au
< Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
< Date: Tue, 13 Oct 2015 23:11:50 GMT
< Content-Length: 154
<
{ [data not shown]
100 154 100 154 0 0 161 0 --:--:-- --:--:-- --:--:-- 169
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://vanguard.business.gov.au">here</a></body>
* Connection #0 to host proxy.machine left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]

====================================

Received on 2015-10-14