Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl with tlsv1.2

From: ramakanth varala via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 11 Jul 2019 10:26:25 +0530

Hi Ray & Jan ,

Thanks for your replies.

Ray, one of the file is being uploaded to destination using this method.

later in searching below error of

"SSLv2, Unknown (23):"

I see that there is an issue with the curl 7.36 (the version i used ) n
with respect to ssl, Now i tool latest curl 7.65.1 compiled with
openssl-1.0.2r .

Below is the invocation , still i see some issue like " ALPN, server did
not agree to a protocol" . Below is the logtrace of the same.

cat ntest-1000v.5.2.1.VSG2.2.2.disk1.vmdk | /home/admin/curl/bin/curl
--tlsv1.2 -T - --fail -v --insecure --request POST --header "Connection:
Keep-Alive" --header "Content-Type: application/x-vnd.vmware-streamVmdk"
https://10.126.129.101/nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk
* Trying 10.126.129.101:443...
* TCP_NODELAY set
* Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware; OU=VMware
Engineering; CN=10.126.129.101; emailAddress=vmca_at_vmware.com
* start date: Jun 11 07:43:54 2019 GMT
* expire date: Jun 10 07:43:54 2024 GMT
* issuer: CN=CA; DC=vsphere; DC=local; C=US; ST=California;
O=localhost.localdom; OU=VMware
* SSL certificate verify result: self signed certificate in certificate
chain (19), continuing anyway.
> POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
> Host: 10.126.129.101
> User-Agent: curl/7.65.1
> Accept: */*
> Transfer-Encoding: chunked
> Connection: Keep-Alive
> Content-Type: application/x-vnd.vmware-streamVmdk
> Expect: 100-continue
>
* Mark bundle as not supporting multiuse
* The requested URL returned error: 404 Not Found
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (22) The requested URL returned error: 404 Not Found

Can we know what am i missing here?.

On Thu, Jul 11, 2019 at 8:45 AM Ray Satiro via curl-users <
curl-users_at_cool.haxx.se> wrote:

> On 7/8/2019 10:50 PM, ramakanth varala via curl-users wrote:
>
> I am trying to access URL with https , which is enabled with TLSv1.2 .
>
> I see that the request using curl and it's getting declined from the
> server end.
>
> Below is the curl command and the response i get.
>
> =======================================================
> [root_at_localhost download]# cat
> /opt/abc/download/nexus-1000v.5.2.1.ABCD2.2.2.disk1.vmdk |
> /home/admin/curl-7.36/bin/curl --tlsv1.2 -T - --fail -v --insecure
> --request POST --header "Connection: Keep-Alive" --header "Content-Type:
> application/x-vnd.vmware-streamVmdk"
> https://10.126.129.101/nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk
> * Hostname was NOT found in DNS cache
> * ?? Trying 10.126.129.101...
> * Connected to 10.126.129.101 (10.126.129.101) port 443 (#0)
> * successfully set certificate verify locations:
> * ?? CAfile: /etc/pki/tls/certs/ca-bundle.crt
> ?? CApath: none
> * SSLv3, TLS Unknown, Unknown (22):
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv2, Unknown (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv2, Unknown (22):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> * Server certificate:
> * ?? ?? ?? ??subject: C=US; ST=California; L=Palo Alto; O=VMware;
> OU=VMware Engineering; CN=10.126.129.101; emailAddress=vmca_at_vmware.com
> * ?? ?? ?? ??start date: 2019-06-11 07:43:54 GMT
> * ?? ?? ?? ??expire date: 2024-06-10 07:43:54 GMT
> * ?? ?? ?? ??issuer: CN=CA; DC=vsphere; DC=local; C=US; ST=California;
> O=localhost.localdom; OU=VMware
> * ?? ?? ?? ??SSL certificate verify result: self signed certificate in
> certificate chain (19), continuing anyway.
> * SSLv2, Unknown (23):
> > POST /nfc/522532fc-0ff3-caac-49c9-082aee06a407/disk-0.vmdk HTTP/1.1
> > User-Agent: curl/7.36.0
> > Host: 10.126.129.101
> > Accept: */*
> > Transfer-Encoding: chunked
> > Connection: Keep-Alive
> > Content-Type: application/x-vnd.vmware-streamVmdk
> > Expect: 100-continue
> >
> * SSLv2, Unknown (23):
> * The requested URL returned error: 404 Not Found
> * Closing connection 0
> * SSLv2, Unknown (21):
> * SSLv3, TLS alert, Client hello (1):
> curl: (22) The requested URL returned error: 404 Not Found
> [root_at_localhost download]#
> =======================================================
> Queries?? her are like
>
> 1. How to know on which stage it's getting declined?.
> 2. Is this because of any certificate error?.
>
>
> It looks like you are trying to PUT a file on the server by using -T but
> you're overriding that by using --request POST.
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-07-11