cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL handshake problems

From: Federico Figus <figus.federico_at_gmail.com>
Date: Sun, 10 Feb 2013 01:06:43 +0100

Likely your OpenSSL has not actived the SSLv2 support (default
configuration).
Try
openssl s_client -ssl2 -connect hostname:port
if protocol SSLv2 is not supported, it will return: "unknown option -ssl2"

On 9 February 2013 23:01, plot.lost <plot.lost_at_gmail.com> wrote:

> Can someone advise on what might be the cause of getting a 'SSL connection
> timeout' error if I don't provide either the '-3' or '-1' option to the
> command line.
>
> Without using one of those two options, then the connection gets as far as
> '* SSLv3, TLS handshake, Client hello (1):' and then freezes until the
> timeout happens
>
> By adding -3 or -1 to the command line (to force SSLv3 or TLSv1) then the
> connection works fine,
>
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using RC4-MD5
>
> By adding -2 to force SSLv2, the connection fails (as expected)
>
> * SSLv2, Client hello (1):
> * Unknown SSL protocol error in connection to x.x.x.x:443
>
> What I am concerned about is that if I don't specify -3 or -1, then the
> connection just hangs until the timeout.
>
> This is using curl 7.24.0 with OpenSSL/1.0.1a - I am having problems
> building the lastest version (many of the tests fail, so I don't want to
> use it until I can get all the tests working). Is this a known problem or
> one that someone else may of come across, and am I likely to get the same
> results even once I get the latest version built and working?
>
> Thanks for any info on this.
>
>
> ------------------------------**------------------------------**-------
> List admin: http://cool.haxx.se/list/**listinfo/curl-library<http://cool.haxx.se/list/listinfo/curl-library>
> Etiquette: http://curl.haxx.se/mail/**etiquette.html<http://curl.haxx.se/mail/etiquette.html>
>

-- 
*Federico Figus*

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-02-10

This message: [ Message body ]
Next message: plot.lost: "Re: SSL handshake problems"
Previous message: ALLWIN JEFRED: "Re : Anyone able to build javacurl.dll in win 7 using mingw32"
In reply to: plot.lost: "SSL handshake problems"
Next in thread: plot.lost: "Re: SSL handshake problems"
Reply: plot.lost: "Re: SSL handshake problems"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]