curl-library

Cipher List setting in Https Request

From: Woods <woods.biz_at_gmail.com>
Date: Sun, 15 Jun 2014 21:47:01 +0800

I use the Curl Library C API to request an Https Url, but got an error of
"Empty reply from server". So I used the standard Curl command to request
the same Url, and got the correct result. I noticed that a major difference
in the dumped information is that a different Cipher algorithm is used. So I
changed my code by setting RC4-MD5 in the cipher list, and the request
became correct.

I don't feel I have perfectly fixed the problem since this is a bit like
hard coding. Is there an automatic way to let curl negotiate and choose a
proper cipher method? Thanks for your advice.

I have listed 3 message dumps below: (1) My initial program dump (failed);
(2) Standard Curl command dump (successful); (3) Changed program dump
(successful).

##################################################
(1) My initial program dump (failed)

Rebuilt URL to: https://Loadtech.etdatacenter.com/
Hostname was NOT found in DNS cache
  Trying 69.48.209.242...
Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
successfully set certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):

SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.0 / DES-CBC3-SHA
Server certificate:
     subject: C=US; ST=Pennsylvania; L=Pittsburgh; O=Express Technologies;
OU=Data Center; CN=loadtech.etdatacenter.com
     start date: 2014-03-28 00:00:00 GMT
     expire date: 2016-04-22 23:59:59 GMT
     issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA
     SSL certificate verify ok.
GET / HTTP/1.1
Host: Loadtech.etdatacenter.com
Accept: */*
Accept-Language: en-us
Referer: http://www.hyperspin.com/monitored-by-user-dbrand
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; www.xxx.com username dbrand)

Empty reply from server
Connection #0 to host Loadtech.etdatacenter.com left intact

##############################################################
(2) Standard Curl command dump (successful)

curl -v https://Loadtech.etdatacenter.com
* About to connect() to Loadtech.etdatacenter.com port 443 (#0)
* Trying 69.48.209.242... connected
* Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: CN=loadtech.etdatacenter.com,OU=Data Center,O=Express
Technologies,L=Pittsburgh,ST=Pennsylvania,C=US
* start date: Mar 28 00:00:00 2014 GMT
* expire date: Apr 22 23:59:59 2016 GMT
* common name: loadtech.etdatacenter.com
* issuer: CN=Thawte SSL CA,O="Thawte, Inc.",C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3
zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: Loadtech.etdatacenter.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 15 Jun 2014 13:10:35 GMT
< Server: Microsoft-IIS/6.0
< Content-Length: 239
< Content-Type: text/html
< Content-Location: https://loadtech.etdatacenter.com/WebInterface.htm
< Last-Modified: Fri, 11 Apr 2008 17:06:45 GMT
< Accept-Ranges: bytes
< ETag: "6669ea6bf69bc81:7b4"
< X-Powered-By: ASP.NET
<
<!--
  WebInterface.htm
  Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
  Web Interface 4.6.0.18291
-->
<script type="text/javascript">
  <!--
  window.location="/Citrix/AccessPlatform";
  // -->
* Connection #0 to host Loadtech.etdatacenter.com left intact
* Closing connection #0

#######################################################
(3) Changed program dump (successful)

Rebuilt URL to: https://Loadtech.etdatacenter.com/
Hostname was NOT found in DNS cache
  Trying 69.48.209.242...
Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
successfully set certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):

SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.0 / RC4-MD5
Server certificate:
     subject: C=US; ST=Pennsylvania; L=Pittsburgh; O=Express Technologies;
OU=Data Center; CN=loadtech.etdatacenter.com
     start date: 2014-03-28 00:00:00 GMT
     expire date: 2016-04-22 23:59:59 GMT
     issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA
     SSL certificate verify ok.
GET / HTTP/1.1
Host: Loadtech.etdatacenter.com
Accept: */*
Accept-Language: en-us
Referer: http://www.hyperspin.com/monitored-by-user-dbrand
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; www.hyperspin.com username
dbrand)

HTTP/1.1 200 OK
Date: Sun, 15 Jun 2014 13:09:43 GMT
Server Microsoft-IIS/6.0 is not blacklisted
Server: Microsoft-IIS/6.0
Content-Length: 239
Content-Type: text/html
Content-Location: https://loadtech.etdatacenter.com/WebInterface.htm
Last-Modified: Fri, 11 Apr 2008 17:06:45 GMT
Accept-Ranges: bytes
ETag: "6669ea6bf69bc81:7b4"
X-Powered-By: ASP.NET

<!--
  WebInterface.htm
  Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
  Web Interface 4.6.0.18291
-->
<script type="text/javascript">
  <!--
  window.location="/Citrix/AccessPlatform";
  // -->
</script>Connection #0 to host Loadtech.etdatacenter.com left intact

-- 
Woods

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-06-16
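
Added example (not part of the original post and not curl project code): a small Python check that pulls the negotiated cipher out of verbose dumps like the three above and maps OpenSSL-style and NSS-style names onto one label, which shows that dumps (2) and (3) negotiated the same suite under two names while dump (1) negotiated a different one. The name table covers only the suites seen in this post, and the function names and dump labels are illustrative.

```python
import re

# OpenSSL-style and NSS-style names for the same suite, limited to the
# suites that appear in the dumps in this post.
CANONICAL = {
    "RC4-MD5": "RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_MD5": "RSA_WITH_RC4_128_MD5",
    "DES-CBC3-SHA": "RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": "RSA_WITH_3DES_EDE_CBC_SHA",
}
# Building blocks that mark a suite as legacy (RC4, MD5 MACs, 3DES).
LEGACY = ("RC4", "MD5", "3DES")

USING = re.compile(r"SSL connection using (?:(?P<proto>\S+) / )?(?P<cipher>\S+)")
STATUS = re.compile(r"^(?:< )?HTTP/1\.[01] \d{3}", re.M)

# Trimmed excerpts of the three dumps quoted in the post.
DUMPS = {
    "1-program-default": "SSL connection using TLSv1.0 / DES-CBC3-SHA\n"
                         "GET / HTTP/1.1\n\nEmpty reply from server\n",
    "2-curl-command": "* SSL connection using SSL_RSA_WITH_RC4_128_MD5\n"
                      "> GET / HTTP/1.1\n>\n< HTTP/1.1 200 OK\n",
    "3-program-pinned": "SSL connection using TLSv1.0 / RC4-MD5\n"
                        "GET / HTTP/1.1\n\nHTTP/1.1 200 OK\n",
}

def summarize(dump):
    """Return (suite, got_http_status, is_legacy) for one verbose dump."""
    m = USING.search(dump)
    if m is None:
        return (None, False, False)
    suite = CANONICAL.get(m.group("cipher"), m.group("cipher"))
    return (suite, STATUS.search(dump) is not None,
            any(tag in suite for tag in LEGACY))

def group_by_suite(dumps):
    """Map each negotiated suite to the dump labels that used it."""
    groups = {}
    for label, text in dumps.items():
        groups.setdefault(summarize(text)[0], []).append(label)
    return groups

if __name__ == "__main__":
    for label, text in DUMPS.items():
        print(label, summarize(text))
    print(group_by_suite(DUMPS))
```

Both suites in these dumps are flagged as legacy, so a cipher list pinned to RC4-MD5 is worth revisiting whenever the server's configuration changes.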