Re: Curl won't download file from server that only supports TLS v1.0?

From: John Klimek via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 10 Jun 2020 13:37:35 -0400

Here is the result of [openssl s_client -connect storage.z-wave.me:443]

CONNECTED(00000003)
140544376776000:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1941:

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 62 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Also, here is [openssl list -disabled]:

Disabled algorithms:
HEARTBEATS
IDEA
MD2
MDC2
RC5
SCTP
SSL3
ZLIB

Does that provide a clue?  I see in the s_client connect it also shows
the same error (unsupported protocol).

On Wed, Jun 10, 2020 at 1:14 PM Petr Pisar <petr.pisar_at_atlas.cz> wrote:
>
> On Wed, Jun 10, 2020 at 10:20:47AM -0400, John Klimek via curl-users wrote:
> > https://storage.z-wave.me/z-way-server/z-way-server-Ubuntu-v3.0.6.tgz
> >
> > ...but I'm getting an error message:
> >
> > curl: (35) error:1425F102:SSL
> > routines:ssl_choose_client_version:unsupported protocol
> >
> > The website only supports TLS v1.0
> > (https://www.ssllabs.com/ssltest/analyze.html?d=storage.z-wave.me)
> >
> > How can I have curl allow TLS v1.0?  I've tried --tlsv1.0 and
> > --tls-max 1.0 but it doesn't work.
> >
> > root_at_f5b0094d2066:/etc/ssl# curl -V
> > curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f
> > zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0)
> > libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
>
> I think the cause lies in your OpenSSL, not in curl. Does
> "openssl s_client -connect storage.z-wave.me:https" work for you?
>
> If it does not, then either TLSv1.0 was disabled when building the OpenSSL
> library ("openssl list -disabled" could provide a hint), or the support is
> disabled with a run-time configuration. E.g. Fedora distribution does that in
> /etc/crypto-policies/config file.
>
> -- Petr
Received on 2020-06-10
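
The two causes named in the reply (TLS 1.0 compiled out versus disabled by run-time configuration) can be told apart from the outputs shown in this thread. The script below is an added example, not part of the original mails or of curl/OpenSSL. It assumes that a build without TLS 1.0 prints a line reading `TLS1` in `openssl list -disabled`, and that the run-time setting takes the form of a `MinProtocol` line in an openssl.cnf-style file; the function names and the config sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decide which of the two causes named in
# the reply explains "unsupported protocol" against a TLS 1.0-only server.

# Constructed sample: the `openssl list -disabled` output quoted in the mail.
SAMPLE_DISABLED='Disabled algorithms:
HEARTBEATS
IDEA
MD2
MDC2
RC5
SCTP
SSL3
ZLIB'

# Constructed sample: an openssl.cnf fragment that sets a protocol floor.
SAMPLE_CNF='[system_default_sect]
# MinProtocol = TLSv1
MinProtocol = TLSv1.2   # value assumed for illustration'

# True when the build itself lacks TLS 1.0 (a line reading exactly TLS1).
tls1_disabled_at_build() {
    printf '%s\n' "$1" | grep -qx 'TLS1'
}

# Print the last uncommented MinProtocol value found in the config text.
min_protocol() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk '
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (key == "MinProtocol") last = val }
        END { if (last != "") print last }'
}

# Classify: $1 = `openssl list -disabled` output, $2 = config file text.
diagnose() {
    if tls1_disabled_at_build "$1"; then
        echo "build-time"
    else
        case "$(min_protocol "$2")" in
            TLSv1.1|TLSv1.2|TLSv1.3) echo "run-time" ;;
            *) echo "undetermined" ;;
        esac
    fi
}

diagnose "$SAMPLE_DISABLED" "$SAMPLE_CNF"
```

With the disabled list from the mail, which names SSL3 but not TLS1, the build-time branch is ruled out and the result depends on the configuration text supplied.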