cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Connecting to an old server with insecure ssl cypher

From: Rodrigo Zanatta Silva <rodrigozanattasilva_at_gmail.com>
Date: Thu, 29 Oct 2015 13:37:51 -0200

Some times ago I have the same problem. Just forcing to use --sslv3 make it
work. Maybe with an --insecure option

2015-10-20 11:35 GMT-02:00 Daniel Kahn Gillmor <dkg_at_fifthhorseman.net>:

> On Tue 2015-10-20 03:10:54 -0400, Alejandro Vargas wrote:
> > I am using curl library in php and was connecting to an old server that
> has
> > the old deprecated ssl cypher.
> >
> > Now I updated the server with new versions and the new versions of curl
> > refuses to connect to this server.
> >
> > The error is this:
> >
> > error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> >
> > If I use command-line curl to try the connection, the result is this:
> >
> > $ curl -v --insecure https://62.42.xxx.x
> > * About to connect() to 62.42.xxx.x port 443 (#0)
> > * Trying 62.42.xxx.x...
> > * connected
> > * Connected to 62.42.xxx.x (62.42.xxx.x) port 443 (#0)
> > * successfully set certificate verify locations:
> > * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> > CApath: none
> > * SSLv3, TLS handshake, Client hello (1):
> > * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> > * Closing connection #0
> > curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol
> >
> >
> > I am pretty sure the problem is the old version of the ssl cypher on the
> > server because all the new versions of browsers refuses to connect to it
> > with an error like "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION" but I need
> to
> > connect to it anyway.
> >
> > Is there a CURLOPT_something that I can use in curl_setopt for avoiding
> > this check?
>
> have you tried something like curl's --sslv2 or --sslv3 options? These
> are risky and dangerous -- both protocols are known-broken.
>
> --dkg
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-10-29