
Re: excessive amount of output produced by `curl -v` for a TLSv1.3 connection

From: Ray Satiro via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 29 Mar 2023 03:48:33 -0400

On 3/29/2023 3:37 AM, Kamil Dudka via curl-library wrote:
> `curl -v` started to print an excessive amount of output for a TLSv1.3
> connection. Is it really useful to get two lines of verbose output for
> each chunk of data (sometimes 1B) transferred over a TLS connection?
>
> $ curl -V
> curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.6/openssl/zlib nghttp2/1.33.0
> Release-Date: 2018-09-05
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
>
> $ curl -Lfsvo/dev/null https://static.snyk.io/cli/latest/snyk-linux
> * Trying 2a02:26f0:dc:39a::ecd...
> * TCP_NODELAY set
> * connect to 2a02:26f0:dc:39a::ecd port 443 failed: Network is unreachable
> * Trying 2a02:26f0:dc:39b::ecd...
> * TCP_NODELAY set
> * connect to 2a02:26f0:dc:39b::ecd port 443 failed: Network is unreachable
> * Trying 104.64.115.38...
> * TCP_NODELAY set
> * Connected to static.snyk.io (104.64.115.38) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [122 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> { [35 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> { [3104 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> { [264 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> { [52 bytes data]
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> } [1 bytes data]
> * TLSv1.3 (OUT), TLS handshake, [no content] (0):
> } [1 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> } [52 bytes data]
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> * subject: C=GB; L=London; O=Snyk Ltd; CN=snyk.io
> * start date: Nov 18 00:00:00 2022 GMT
> * expire date: Jul 27 23:59:59 2023 GMT
> * subjectAltName: host "static.snyk.io" matched cert's "static.snyk.io"
> * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
> * SSL certificate verify ok.
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS app data, [no content] (0):
> } [1 bytes data]
> > GET /cli/latest/snyk-linux HTTP/1.1
> > Host: static.snyk.io
> > User-Agent: curl/7.61.1
> > Accept: */*
> >
> { [5 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [265 bytes data]
> * TLSv1.3 (IN), TLS handshake, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
> { [265 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> < HTTP/1.1 200 OK
> < x-amz-id-2: YvlM8X+2Tcdfmp51NLiwgfSOk7HKseAi7XbFSSyN34RlcgqH02uWnYmmnoPa6w9Wc1Xp/GdeN4Y=
> < x-amz-request-id: SRGHSEZ3EGAP94NG
> < Last-Modified: Tue, 28 Mar 2023 16:10:53 GMT
> < ETag: "33cc191c45168278f7621ae86f7555b0-9"
> < x-amz-server-side-encryption: AES256
> < Accept-Ranges: bytes
> < Content-Type: binary/octet-stream
> < Server: AmazonS3
> < Content-Length: 70874981
> < Cache-Control: max-age=296
> < Expires: Wed, 29 Mar 2023 06:59:32 GMT
> < Date: Wed, 29 Mar 2023 06:54:36 GMT
> < Connection: keep-alive
> < X-Frame-Options: SAMEORIGIN
> < X-Content-Type-Options: nosniff
> < X-Xss-Protection: 1; mode=block
> < Strict-Transport-Security: max-age=31536000; preload
> < Access-Control-Max-Age: 3000
> < Access-Control-Allow-Methods: GET
> < Access-Control-Allow-Origin: *
> <
> { [15635 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> { [1 bytes data]
> * TLSv1.3 (IN), TLS app data, [no content] (0):
> [...]
>
> We have to stop using `curl -v` in csmock plug-ins because of this:
>
> https://github.com/csutils/csmock/pull/103
>
> Same problem with the latest curl upstream git HEAD...


I don't see that output in curl 8.0.1.

{ [15637 bytes data]
* Connection #0 to host static.snyk.io left intact

curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 OpenSSL/3.1.0 zlib/1.2.13
libssh2/1.10.0 nghttp2/1.52.0 librtmp/2.3
Release-Date: 2023-03-20
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap
ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz
NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets


Received on 2023-03-29
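
An added example, not part of either message and not curl project code: a shell filter for saved `curl -v` output that drops each `[no content] (0)` trace line together with the `[1 bytes data]` line that follows it, while keeping handshake, certificate-verification and header lines. The function names and the sample lines (modelled on the output quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter_curl_verbose and sample_curl_verbose are hypothetical
# helper names, not part of curl.

filter_curl_verbose() {
  awk '
    # Trace line, e.g. "* TLSv1.3 (IN), TLS app data, [no content] (0):"
    /^\* TLSv1\.[0-9] \((IN|OUT)\), TLS [a-z ]+, \[no content\] \(0\):$/ {
      dropped++; skip_next = 1; next
    }
    # Byte-count line that belongs to the trace line just dropped.
    skip_next && /^[{}] \[1 bytes data\]$/ { skip_next = 0; next }
    # Everything else is kept, including genuine 1-byte records such as
    # the one that follows "Change cipher spec".
    { skip_next = 0; print }
    END { printf "* filtered %d [no content] records\n", dropped }
  '
}

# Constructed sample input, modelled on the verbose output quoted in the mail.
sample_curl_verbose() {
  cat <<'EOF'
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [35 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* SSL certificate verify ok.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
< HTTP/1.1 200 OK
{ [15635 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
EOF
}

# Stand-alone demo on the constructed sample.
sample_curl_verbose | filter_curl_verbose
```

On a live transfer the filter would sit after the stderr redirect, for example `curl -Lfsvo /dev/null URL 2>&1 | filter_curl_verbose`.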