Mailing Lists
cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1453 "Unknown SSL protocol error" with curl > 7.34
From: Andreas Lamprecht <alamp_at_users.sf.net>
Date: Wed, 19 Nov 2014 17:48:01 +0000
--- ** [bugs:#1453] "Unknown SSL protocol error" with curl > 7.34** **Status:** open **Created:** Wed Nov 19, 2014 05:47 PM UTC by Andreas Lamprecht **Last Updated:** Wed Nov 19, 2014 05:47 PM UTC **Owner:** nobody Hi! I'm having problems with curl version greater that 7.34 It looks like curl > 7.34 has a problem with the server response. RC4-SHA was the protocol selected by the server if i do not provide any cipher on the command-line with curl 7.34: ]# /usr/local/curl-7.34/bin/curl -v -v -v --cipher 'RC4-SHA' --insecure https://keyman.siemens.at/ * Hostname was NOT found in DNS cache * Trying 158.226.250.57... * Adding handle: conn: 0x24f4ec0 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x24f4ec0) send_pipe: 1, recv_pipe: 0 * Connected to keyman.siemens.at (158.226.250.57) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: OU=GMS GO GD AHS DBA; O=Siemens; C=AT; CN=keyman.siemens.at * start date: 2014-06-26 08:30:17 GMT * expire date: 2015-06-26 08:30:17 GMT * issuer: C=DE; O=Siemens; serialNumber=ZZZZZZY7; OU=Copyright (C) Siemens AG 2013 All Rights Reserved; OU=Issuing CA for Siemens non-personalized SSL/TLS-based End Entities; CN=Siemens Issuing CA Intranet Server 2013 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. > GET / HTTP/1.1 with curl 7.39: # /usr/local/curl-7.39/bin/curl -v -v -v --cipher 'RC4-SHA' --tlsv1 --insecure https://keyman.siemens.at/ * Hostname was NOT found in DNS cache * Trying 158.226.250.57... * Connected to keyman.siemens.at (158.226.250.57) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol * Closing connection 0 curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol If i use curl 7.39 without any ciphers, then i get this: # /usr/local/curl-7.39/bin/curl -v -v -v --tlsv1 --insecure https://keyman.siemens.at/ * Hostname was NOT found in DNS cache * Trying 158.226.250.57... * Connected to keyman.siemens.at (158.226.250.57) port 443 (#0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * Unknown SSL protocol error in connection to keyman.siemens.at:443 * Closing connection 0 curl: (35) Unknown SSL protocol error in connection to keyman.siemens.at:443 I have also done a tcpdump for both requests and attaching it to that message. In both cases the server sends back a server hello done, but curl 7.39 seems not to be able to interpret that server response. Server software is Windows IIS version 6.0 --- Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.Received on 2014-11-19 These mail archives are generated by hypermail. |