curl with tlsv1.2

From: ramakanth varala via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 9 Jul 2019 08:20:27 +0530

Hi All,

I am trying to access a URL with https, which is enabled with TLSv1.2.

I see that the request using curl is getting declined from the server
end.

Below is the curl command and the response I get.

=======================================================
[root_at_localhost download]# cat
/opt/abc/download/nexus-1000v.5.2.1.ABCD2.2.2.disk1.vmdk |
/home/admin/curl-7.36/bin/curl --tlsv1.2 -T - --fail -v --insecure
--request POST --header "Connection: Keep-Alive" --header "Content-Type:
application/x-vnd.vmware-streamVmdk"
https://10.126.129.101/nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk
* Hostname was NOT found in DNS cache
* Trying 10.126.129.101...
* Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS Unknown, Unknown (22):
* SSLv3, TLS handshake, Client hello (1):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Server hello (2):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, CERT (11):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Server finished (14):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv2, Unknown (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Finished (20):
* SSLv2, Unknown (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware; OU=VMware
Engineering; CN=10.126.129.101; emailAddress=vmca_at_vmware.com
* start date: 2019-06-11 07:43:54 GMT
* expire date: 2024-06-10 07:43:54 GMT
* issuer: CN=CA; DC=vsphere; DC=local; C=US; ST=California;
O=localhost.localdom; OU=VMware
* SSL certificate verify result: self signed certificate in
certificate chain (19), continuing anyway.
* SSLv2, Unknown (23):
> POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
> User-Agent: curl/7.36.0
> Host: 10.126.129.101
> Accept: */*
> Transfer-Encoding: chunked
> Connection: Keep-Alive
> Content-Type: application/x-vnd.vmware-streamVmdk
> Expect: 100-continue
>
* SSLv2, Unknown (23):
* The requested URL returned error: 404 Not Found
* Closing connection 0
* SSLv2, Unknown (21):
* SSLv3, TLS alert, Client hello (1):
curl: (22) The requested URL returned error: 404 Not Found
[root_at_localhost download]#
=======================================================
Queries here are like

1. How to know on which stage it's getting declined?
2. Is this because of any certificate error?

If I run openssl -client I get to know the below details.

=============================================================
[root_at_localhost ~]# openssl s_client -connect 10.126.129.101:443
CONNECTED(00000004)
depth=1
/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
verify error:num=19:self signed certificate in certificate chain
verify return:0

---
Certificate chain
 0 s:/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
10.126.129.101/emailAddress=vmca_at_vmware.com
 i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
 1
s:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
 i:/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
---
Server certificate
subject=/C=US/ST=California/L=Palo Alto/O=VMware/OU=VMware Engineering/CN=
10.126.129.101/emailAddress=vmca_at_vmware.com
issuer=/CN=CA/DC=vsphere/DC=local/C=US/ST=California/O=localhost.localdom/OU=VMware
---
No client certificate CA names sent
---
SSL handshake has read 2172 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key:
536C3E5057F79501473E1AC6BF291417FCE24D43829181B4F1D909DB677E35B78C3B814272E7316CDEBCA199F4430302
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1562606628
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
=============================================================
Can we use any of the above info to narrow down the issue?
Thanks
RK

Received on 2019-07-09
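
An added example, not part of the original post and not curl project code: a small Python parser that reads a `curl -v` trace shaped like the one above and reports how far the transfer got (TCP connect, TLS handshake, certificate check, HTTP response), using curl's documented exit codes. The sample traces are constructed (shortened, with mail line-wrapping undone, and a placeholder URL path), and the names `classify` and `EXIT_STAGE` are hypothetical.

```python
import re

# curl exit codes (from the curl man page) mapped to the stage that failed.
EXIT_STAGE = {6: "dns", 7: "tcp-connect", 35: "tls-handshake",
              60: "certificate-verification", 22: "http-response"}

# Constructed sample, modelled on the trace in the post.
SAMPLE = """\
* Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /nfc/example/disk-0.vmdk HTTP/1.1
* The requested URL returned error: 404 Not Found
curl: (22) The requested URL returned error: 404 Not Found
"""

# Constructed sample of a transfer that stops during the TLS handshake.
SAMPLE_TLS_FAIL = """\
* Connected to 192.0.2.10 (192.0.2.10) port 443 (#0)
curl: (35) SSL connect error
"""

def classify(trace: str) -> dict:
    """Summarise how far a `curl -v` trace got and where it stopped."""
    out = {"connected": False, "tls": None, "verify": None,
           "verify_enforced": True, "request_sent": False,
           "http_status": None, "failed_stage": None}
    for line in trace.splitlines():
        if line.startswith("* Connected to "):
            out["connected"] = True
        elif m := re.match(r"\* SSL connection using (\S+) / (\S+)", line):
            out["tls"] = (m.group(1), m.group(2))  # (protocol, cipher)
        elif m := re.match(r"\* SSL certificate verify result: (.*)", line):
            out["verify"] = m.group(1)
            # "continuing anyway" appears when --insecure disables enforcement
            out["verify_enforced"] = "continuing anyway" not in line
        elif re.match(r"> [A-Z]+ \S+ HTTP/", line):
            out["request_sent"] = True
        elif m := re.match(r"\* The requested URL returned error: (\d{3})", line):
            out["http_status"] = int(m.group(1))
        elif m := re.match(r"curl: \((\d+)\)", line):
            out["failed_stage"] = EXIT_STAGE.get(int(m.group(1)), "other")
    return out

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE), ("tls-fail", SAMPLE_TLS_FAIL)):
        print(name, classify(trace))
```

The parser matches one log entry per line, so a trace copied out of a mail needs its wrapped lines rejoined first.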