curl-library
Re: SSL handshake problems
Date: Sun, 10 Feb 2013 18:37:01 +0000
On 10/02/2013 18:25, Nick Zitzmann wrote:
> On Feb 10, 2013, at 3:48 AM, plot.lost <plot.lost_at_gmail.com> wrote:
>
>> Is there a command line option that basically combines -1 and -3, i.e. sets the connection to allow SSLv3 or TLSv1, but prevents any attempt to use SSLv2 - so something that says use SSL or TLS as long as it is not SSLv2
> The default behavior is to use SSLv3 and TLS 1.0 (and 1.1 and 1.2 if your TLS library supports them) but not SSLv2. So there's no need for a command line option.
>
> Nick Zitzmann
> <http://www.chronosnet.com/>
>
>
The problem is that if I give no command line option, then it freezes
when connecting to this server. Only if I give -3 or -1 does it connect.
Leaving it to the default causes the SSL connection timeout - which
itself maybe be caused within OpenSSL but I can't change that. Curl can
work around that problem by setting different options within OpenSSL
depending on the -3 or -1 flags, so was trying to see if there is
something that can be set which will cause options to be set within
OpenSSL that stops this freeze from happening, without limiting to just
SSLv3 or just TLSv1
What happens for curl running on other systems where OpenSSL also causes
the same problem, is there anything that can be done within curl to
change the OpenSSL behavior to fix this?
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-02-10