curl-library
libcurl and SSLv2
Date: Fri, 2 Jan 2009 12:42:49 -0800
I've run into an interesting problem. When trying to connect to the domain
www.hottopic.com, which recently disabled SSLv2 support, I get the
following:
> curl --verbose https://www.hottopic.com/
* About to connect() to www.hottopic.com port 443 (#0)
* Trying 65.208.131.90... connected
* Connected to www.hottopic.com (65.208.131.90) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/ssl/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.hottopic.com:443
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to www.hottopic.com:443
Here is my version information:
> curl --version
curl 7.19.1-test (i686-pc-linux-gnu) libcurl/7.19.1-test OpenSSL/0.9.7a
zlib/1.1.4
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL libz
When running this same command with an older version of openssl, it works
fine:
> curl --version
curl 7.19.2 (i686-pc-linux-gnu) libcurl/7.19.2 OpenSSL/0.9.7a zlib/1.1.4
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL libz
> curl --verbose https://www.hottopic.com/
* About to connect() to www.hottopic.com port 443 (#0)
* Trying 65.208.131.90... connected
* Connected to www.hottopic.com (65.208.131.90) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/ssl/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DES-CBC3-SHA
* Server certificate:...
Has anyone seen this kind of behavior before? I would bet most of you if you
ran this command would see the error, or one like it, as I presume most of
you have the latest version of openssl and libcurl installed.
I would have to have to downgrade openssl versions, but at this point that
seems to be my only choice.
Thanks in advance.
Received on 2009-01-02