Re: SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Hi Ray. Here is the command with verbose output:

$ curl -vvv --location 'https://www.upward.net/'
*   Trying 67.227.172.39:443...
* TCP_NODELAY set
* Connected to www.upward.net (67.227.172.39) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure

$ curl --version
curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1g
zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0)
libssh2/1.8.0 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos
Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

I think you can't reproduce the error because your Curl version is not
affected. However, I've tried docker run --rm curlimages/curl:7.68.0 -L
https://www.upward.net/ and it did work, so I think the issue is related
to curl packaged in Debian.

Finally, I don't have problems with any other known https websites (e.g.
curl --location 'https://www.google.com' works)

-- 
Att,
Tobias
"If technology does not liberate all people for the pursuit of higher aspirations in human achievement, then all it's technical potential will be meaningless." - Jacque Fresco

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html