curl-users

Re: Connecting to an old server with insecure ssl cypher

From: Daniel Kahn Gillmor <dkg_at_fifthhorseman.net>
Date: Tue, 20 Oct 2015 09:35:32 -0400

On Tue 2015-10-20 03:10:54 -0400, Alejandro Vargas wrote:
> I am using curl library in php and was connecting to an old server that has
> the old deprecated ssl cypher.
>
> Now I updated the server with new versions and the new versions of curl
> refuse to connect to this server.
>
> The error is this:
>
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
> If I use command-line curl to try the connection, the result is this:
>
> $ curl -v --insecure https://62.42.xxx.x
> * About to connect() to 62.42.xxx.x port 443 (#0)
> * Trying 62.42.xxx.x...
> * connected
> * Connected to 62.42.xxx.x (62.42.xxx.x) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * SSLv3, TLS handshake, Client hello (1):
> * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> * Closing connection #0
> curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol
>
>
> I am pretty sure the problem is the old version of the ssl cypher on the
> server because all the new versions of browsers refuse to connect to it
> with an error like "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" but I need to
> connect to it anyway.
>
> Is there a CURLOPT_something that I can use in curl_setopt for avoiding
> this check?

Have you tried something like curl's --sslv2 or --sslv3 options? These
are risky and dangerous -- both protocols are known-broken.

    --dkg
Received on 2015-10-20
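
The PHP counterpart of the `--sslv3` suggestion above, as an added example that is not part of the original mail or of the curl project: it confines the SSLv3 downgrade to one named legacy host and leaves every other request on libcurl's defaults. The function name, the `LEGACY_SSLV3_HOSTS` list and the hostname are hypothetical, and it assumes a libcurl and TLS backend that were still built with SSLv3 support.

```php
<?php
// Added example. Hosts allowed to fall back to SSLv3 (constructed placeholder).
const LEGACY_SSLV3_HOSTS = ['legacy.example.internal'];

function fetch_with_legacy_exception(string $url): string
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException("not an https URL: $url");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        // Certificate checks stay on even for the legacy host; if its CA is
        // not in the default bundle, point CURLOPT_CAINFO at the right file.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);

    if (in_array(strtolower($host), LEGACY_SSLV3_HOSTS, true)) {
        // curl_setopt() equivalent of the command-line --sslv3 option.
        if (!curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3)) {
            curl_close($ch);
            throw new RuntimeException('this libcurl build rejects SSLv3');
        }
        // Leave a trail so the exception is visible until the server is upgraded.
        error_log("WARNING: SSLv3 (known-broken) used for request to $host");
    }

    $body = curl_exec($ch);
    if ($body === false) {
        // A handshake failure surfaces here as curl error 35, as in the mail above.
        $msg = sprintf('curl error %d: %s', curl_errno($ch), curl_error($ch));
        curl_close($ch);
        throw new RuntimeException($msg);
    }
    curl_close($ch);
    return $body;
}
```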