cURL Mailing List Monthly Index Single Mail
curl-tracker Archives
[curl:bugs] #1319 Bug: "Unsupported SSL protocol version" Error
From: Jay Satiro <raysatiro_at_users.sf.net>
Date: Mon, 02 Feb 2015 22:23:51 +0000
I can confirm what Andre reported in Ubuntu 14 x64 with OpenSSL 1.0.1f. I did a bisect and it traces back to https://github.com/bagder/curl/commit/ad34a2d I think because that's where the TLS protocol maximum version becomes TLSv1.2.
The server identifies as Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8x. AFAIK 0.9.8 cannot use TLSv1.1 or TLSv1.2. The server does accept TLSv1.0. I don't know why it hangs on a maximum value of TLSv1.2, hopefully someone can fill us in on this.
OpenSSL s_client hangs as well, tested Windows 7 x64/OpenSSL 1.0.1j and Ubuntu 14 x64/OpenSSL 1.0.1f:
openssl s_client -connect qasecommerce.cielo.com.br:443
-debug shows no server hello received in response to the client hello. Adding -bugs fixes it though...
I checked curl tool built from ad34a2d with every protocol version for that server, here are the results.
curl 7.33.1-DEV (x86_64-unknown-linux-gnu) libcurl/7.33.1-DEV OpenSSL/1.0.1f zlib/1.2.8
src/curl https://qasecommerce.cielo.com.br/servicos/ecommwsec.do -v
--sslv3 shows 'wrong version number':
* SSLv3, TLS handshake, Client hello (1):
--tlsv1.0 ok:
* SSLv3, TLS handshake, Client hello (1):
--tlsv1.1 shows 'Unsupported protocol':
* SSLv3, TLS handshake, Client hello (1):
--tlsv1 and --tlsv1.2 there's a hang after client hello, then shows 'Unknown SSL protocol':
* SSLv3, TLS handshake, Client hello (1):
Andre please try --tlsv1.0
--- ** [bugs:#1319] Bug: "Unsupported SSL protocol version" Error** **Status:** closed-fixed **Created:** Thu Jan 02, 2014 07:44 PM UTC by Mohammad Hossekh Sekhavat **Last Updated:** Mon Feb 02, 2015 01:50 PM UTC **Owner:** Daniel Stenberg Since I have upgraded from version 7.33 to 7.34, I am getting "Unsupported SSL protocol version" error with SSLv3. In order to reproduce the problem, run the command: curl -v -3 -g 'https://aur.archlinux.org/' Following output error will be showin in my machine: * Hostname was NOT found in DNS cache * Adding handle: conn: 0x237e040 * Adding handle: send: 0 * Adding handle: recv: 0 * Curl_addHandleToPipeline: length: 1 * - Conn 0 (0x237e040) send_pipe: 1, recv_pipe: 0 * Trying 78.46.78.247... * Trying 2a01:4f8:120:34c2::2... * Immediate connect fail for 2a01:4f8:120:34c2::2: Network is unreachable * Connected to aur.archlinux.org (78.46.78.247) port 443 (#0) * Unsupported SSL protocol version * Closing connection 0 curl: (35) Unsupported SSL protocol version My System Info: $curl -V curl 7.34.0 (x86_64-unknown-linux-gnu) libcurl/7.34.0 OpenSSL/1.0.1e zlib/1.2.8 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP $uname -a Linux mohammad-tp 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 x86_64 GNU/Linux --- Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.Received on 2015-02-02 These mail archives are generated by hypermail. |