Mailing Lists
cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1430 "Unknown SSL protocol error" - regression in curl 7.35 and later
From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Sat, 25 Oct 2014 19:53:27 +0000
- **status**: pending --> closed-invalid
No further response, closing.
--- ** [bugs:#1430] "Unknown SSL protocol error" - regression in curl 7.35 and later** **Status:** closed-invalid **Labels:** SSL/TLS **Created:** Fri Oct 03, 2014 09:37 PM UTC by Nowaker **Last Updated:** Mon Oct 06, 2014 12:54 PM UTC **Owner:** Daniel Stenberg https://jira.atlashost.eu/ doesn't work with curl, but works in any browser, or with `wget`. ``` root_at_nwkr-desktop ~ # curl --version curl 7.38.0 (x86_64-unknown-linux-gnu) libcurl/7.38.0 OpenSSL/1.0.1i zlib/1.2.8 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL libz TLS-SRP root@nwkr-desktop ~ # curl https://jira.atlashost.eu/ curl: (35) Unknown SSL protocol error in connection to jira.atlashost.eu:443 ``` Last version that works: ``` root_at_nwkr-desktop ~ # curl --version curl 7.34.0 (x86_64-unknown-linux-gnu) libcurl/7.34.0 OpenSSL/1.0.1i zlib/1.2.8 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP root@nwkr-desktop ~ # curl -I https://jira.atlashost.eu/ 2>/dev/null | head -n 1 HTTP/1.1 500 Internal Server Error ``` OpenSSL string with ciphers: EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!MD5:!SSLv2:!aNULL:!eNULL:!LOW:!3DES:!EXP:!PSK:!SRP:!DSS In nodejs 0.10 this string results in only TLS_RSA_WITH_RC4_128_SHA being available. I force-disabled weaker ciphers, so it's not possible to use them at all (e.g. TLS_RSA_WITH_DES_CBC_SHA). My guess is curl has those weak ciphers on its accept list but apparently doesn't have the TLS_RSA_WITH_RC4_128_SHA. This cipher is OK (but not perfect) and if it's the only supported cipher by the server, curl should stick to it. Consult SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=jira.atlashost.eu Let me know how I can help you. --- Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.Received on 2014-10-25 These mail archives are generated by hypermail. |