curl-library

Re: Unknown SSL protocol error in connection (bug 1329)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 3 May 2014 00:24:05 +0200 (CEST)

On Thu, 1 May 2014, Quanah Gibson-Mount wrote:

>> Can bug#1319 be reopened please? I've updated it with info from 7.36.0
>> failures.
>>
>> <https://sourceforge.net/p/curl/bugs/1319/>

I don't think that'll help us much so I'd rather not.

> Tracked this down to the cipher the server was using
> (<http://ehc.ac/p/curl/bugs/1329/>)
>
> However, the output is very misleading in this particular case (--ciphers
> ALL resolved it).

Yes, but it is simply the case that it isn't easy or even possible to tell why
the handshake fails. Thus, it isn't really a bug in curl that the connection
fails; the problem is that your server insists on using insecure ciphers, and
unless curl fails on that, you wouldn't know and you'd believe it was safe and
sound.

By insisting on "ALL" (which you really shouldn't) you've basically agreed
that it is fine that your TLS connection is insecure.

If you can come up with a better error message for this, then I'd be very
happy to provide that. (Re-)Opening bug reports for this won't help much...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-03
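
Added illustration of the point about `--ciphers ALL` (not part of the original mail and not curl code): the sketch below uses Python's `ssl` module, which takes the same OpenSSL cipher-list syntax, to list what a cipher string admits and why some of those suites are weak. It assumes an OpenSSL-backed curl; `enabled`, `weaknesses`, `audit` and the `STRICT` string are names made up for this example.

```python
import ssl

# Assumption: curl is built against OpenSSL, so the string given to --ciphers
# follows the same cipher-list syntax that Python's ssl module passes on.
STRICT = "ECDHE+AESGCM:!aNULL"  # constructed example of a narrow list


def enabled(cipher_string):
    """Return {suite name: details} for the suites this string selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c for c in ctx.get_ciphers()}


def weaknesses(suite):
    """List the reasons a suite (a get_ciphers() entry) should not be offered."""
    name = suite["name"]
    reasons = []
    if suite.get("auth") == "auth-null" or "NULL" in name:
        reasons.append("no server authentication or no encryption")
    if suite.get("strength_bits", 0) < 128:
        reasons.append("key strength below 128 bits")
    if "RC4" in name:
        reasons.append("RC4 stream cipher")
    if "DES" in name:
        reasons.append("DES or 3DES block cipher")
    if "MD5" in name:
        reasons.append("MD5 MAC")
    return reasons


def audit(cipher_string):
    """Map every weak suite admitted by cipher_string to its reasons."""
    found = {}
    for name, suite in enabled(cipher_string).items():
        reasons = weaknesses(suite)
        if reasons:
            found[name] = reasons
    return found


if __name__ == "__main__":
    for label in ("ALL", STRICT):
        weak = audit(label)
        print(f"{label}: {len(enabled(label))} suites, {len(weak)} flagged")
        for name, reasons in sorted(weak.items()):
            print(f"  {name}: {', '.join(reasons)}")
```

Which suites show up under `ALL` depends on how the local OpenSSL was built, so the flagged list differs between systems.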