cURL / Mailing Lists / curl-users / Single Mail

curl-users

Connecting to an old server with insecure ssl cypher

From: Alejandro Vargas <alejandro.anv_at_gmail.com>
Date: Tue, 20 Oct 2015 09:10:54 +0200

I am using curl library in php and was connecting to an old server that has
the old deprecated ssl cypher.

Now I updated the server with new versions and the new versions of curl
refuses to connect to this server.

The error is this:

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

If I use command-line curl to try the connection, the result is this:

$ curl -v --insecure https://62.42.xxx.x
* About to connect() to 62.42.xxx.x port 443 (#0)
* Trying 62.42.xxx.x...
* connected
* Connected to 62.42.xxx.x (62.42.xxx.x) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol

I am pretty sure the problem is the old version of the ssl cypher on the
server because all the new versions of browsers refuses to connect to it
with an error like "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" but I need to
connect to it anyway.

Is there a CURLOPT_something that I can use in curl_setopt for avoiding
this check?

-- 
Qapla'
sɐƃɹɐΛ oɹpuɐɾǝl∀

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-10-20