cURL cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1453 "Unknown SSL protocol error" with curl > 7.34

From: Andreas Lamprecht <alamp_at_users.sf.net>
Date: Wed, 19 Nov 2014 17:48:01 +0000

---
** [bugs:#1453] "Unknown SSL protocol error" with curl > 7.34**
**Status:** open
**Created:** Wed Nov 19, 2014 05:47 PM UTC by Andreas Lamprecht
**Last Updated:** Wed Nov 19, 2014 05:47 PM UTC
**Owner:** nobody
Hi!
I'm having problems with curl version greater that 7.34
It looks like curl > 7.34 has a problem with the server response.
RC4-SHA was the protocol selected by the server if i do not provide any cipher on the command-line
with curl 7.34:
]# /usr/local/curl-7.34/bin/curl -v -v -v --cipher 'RC4-SHA'  --insecure https://keyman.siemens.at/
* Hostname was NOT found in DNS cache
*   Trying 158.226.250.57...
* Adding handle: conn: 0x24f4ec0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x24f4ec0) send_pipe: 1, recv_pipe: 0
* Connected to keyman.siemens.at (158.226.250.57) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*        subject: OU=GMS GO GD AHS DBA; O=Siemens; C=AT; CN=keyman.siemens.at
*        start date: 2014-06-26 08:30:17 GMT
*        expire date: 2015-06-26 08:30:17 GMT
*        issuer: C=DE; O=Siemens; serialNumber=ZZZZZZY7; OU=Copyright (C) Siemens AG 2013 All Rights Reserved; OU=Issuing CA for Siemens non-personalized SSL/TLS-based End Entities; CN=Siemens Issuing CA Intranet Server 2013
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
with curl 7.39:
# /usr/local/curl-7.39/bin/curl -v -v -v --cipher 'RC4-SHA'  --tlsv1 --insecure https://keyman.siemens.at/
* Hostname was NOT found in DNS cache
*   Trying 158.226.250.57...
* Connected to keyman.siemens.at (158.226.250.57) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
* Closing connection 0
curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
If i use curl 7.39 without any ciphers, then i get this:
# /usr/local/curl-7.39/bin/curl -v -v -v  --tlsv1 --insecure https://keyman.siemens.at/
* Hostname was NOT found in DNS cache
*   Trying 158.226.250.57...
* Connected to keyman.siemens.at (158.226.250.57) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to keyman.siemens.at:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to keyman.siemens.at:443
I have also done a tcpdump for both requests and attaching it to that message. In both cases the server sends back a server hello done, but curl 7.39 seems not to be able to interpret that server response.
Server software is Windows IIS version 6.0
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-11-19

These mail archives are generated by hypermail.