Thanks for replying to my earlier message. I did not enable the option of
receiving e-mail from this mailing list.. I thought that I could read the
reply and also send reply to the thread online, instead of receiving it in
my inbox. Therefore, instead of replying to your thread, I am creating a
new message as I did not receive your reply in my inbox. Sorry for
duplicating part of the message. I have now changed the necessary option in
Previously and now , I had typed the following commands
curl -v https://www.wellsfargo.com
curl -v https://www.bankofamerica.com
Both of them worked fine, i.e I get proper code in the reply.
But, when I type
curl -v https://www.tvg.com
I am still getting the error mentioned below, which is same as earlier,
even after updating my NSS using
yum upgrade nss
Please help me by giving me hints about how to solve this problem.
I am getting the following message now.
"* About to connect() to www.tvg.com port 443 (#0)
* Trying 184.108.40.206... connected
* Connected to www.tvg.com (220.127.116.11) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=www.tvg.com,OU=Engineering,O=T V G,L=Beaverton,ST=Oregon,C=US
* start date: Oct 14 00:00:00 2011 GMT
* expire date: Oct 22 23:59:59 2016 GMT
* common name: www.tvg.com
* issuer: CN=Thawte SSL CA,O="Thawte, Inc.",C=US
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (i386-redhat-linux-gnu) libcurl/7.21.0 NSS/
18.104.22.168 zlib/1.2.5 libidn/1.18 libssh2/1.2.4
> Host: www.tvg.com
> Accept: */*
* Empty reply from server
* Connection #0 to host www.tvg.com left intact
curl: (52) Empty reply from server
* Closing connection #0"
This was your earlier reply.
"On Thu, 17 May 2012, Ajay wrote:
*> * Connected to www.tvg.com (22.214.171.124) port 443 (#0) *
*>> GET / HTTP/1.1 *
*>> User-Agent: curl/7.21.0 (i386-redhat-linux-gnu) libcurl/7.21.0 NSS/ *
*> 126.96.36.199 zlib/1.2.5 libidn/1.18 libssh2/1.2.4 *
*>> Host: www.tvg.com *
*>> Accept: */* *
*> * Empty reply from server *
This means curl got no error reported from the SSL library (NSS) but it
get any response from the HTTPS server and that is an error.
*> I searched curl-users archive regarding this type of reply and I found
*> following thread that mentions about "Unpatched client and patched
*> server" http://curl.haxx.se/mail/archive-2010-12/0004.html *
That's one case showing the same symptom, yes, but we can't tell if the
reasons are the same.
*> As mentioned in the above URL, I do not know how to set the parameter *
*> "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" Could anyone of you please
*> me how to set this parameter, if this is the solution or suggest an *
*> alternative way of solving the problem. *
I believe that is an OpenSSL option and A) it would require a rebuild to
and B) your current curl doesn't even use OpenSSL but NSS... and as I said,
don't even know that is the reason for the problem.
*> I tried executing the same curl command with other https website and I
*> getting a non-empty response. *
That sounds like a more fundamental problem with your NSS library then. Is
there _any_ HTTPS site that works for you?
*> I am getting the following output *
*> OpenSSL 1.0.0e-fips 6 Sep 2011 *
Your curl runs NSS so the OpenSSL version isn't relevant here...
List admin: http://cool.haxx.se/list/listinfo/curl-users
Received on 2012-05-21