Re: Curl won't download file from server that only supports TLS v1.0?
Date: Wed, 10 Jun 2020 20:10:08 +0200
On Wed, Jun 10, 2020 at 01:37:35PM -0400, John Klimek via curl-users wrote:
> Here is the result of [openssl s_client -connect storage.z-wave.me:443]
>
> CONNECTED(00000003)
> 140544376776000:error:1425F102:SSL
> routines:ssl_choose_client_version:unsupported
> protocol:../ssl/statem/statem_lib.c:1941:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 62 bytes and written 316 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
And the client exits with a non-zero exit code. This is how it behaves when
the protocol is disabled.
> Also, here is [openssl list -disabled]:
> Disabled algorithms:
> HEARTBEATS
> IDEA
> MD2
> MDC2
> RC5
> SCTP
> SSL3
> ZLIB
>
If I compile OpenSSL 1.1.1g without TLSv1 support, the output is:
Disabled algorithms:
HEARTBEATS
MD2
RC5
SCTP
SSL3
TLS1
ZLIB
Just for a comparison, a working connection looks like:
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 5525 bytes and written 517 bytes
Verification: OK
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA

I think you have the protocol disabled by a run-time configuration. Where did
you get the OpenSSL? Try consulting your vendor's documentation.

-- Petr