curl-users

Re: ssl failure, MITM attack?

From: David Niklas <doark_at_mail.com>
Date: Wed, 8 Feb 2017 16:40:00 -0500

On Thu, 2 Feb 2017 02:59:01 -0500
Ray Satiro <raysatiro_at_yahoo.com> wrote:
> On 2/1/2017 12:10 PM, David Niklas wrote:
> > I wanted to get a link from a US gov website. firefox was taking all
> > eternity, so I decided to use curl.
> > My system clock is set correctly, I have an up-to-date system, with
> > associated up-to-date certs.
> > My problem is that I had to try downloading three times before I got
> > the file. The first had the below error, the second stopped part way
> > through. I'm curious to know if I'm being MITM attacked.
> >
> > Linux ulgy_thing 4.4.39-gentoo-nopreempt-dav2 #1 SMP Thu Dec 22
> > 16:14:17 UTC 2016 x86_64 Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
> > GenuineIntel GNU/Linux
> >
> > My curl version is:
> >
> > curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2j
> > zlib/1.2.11 libidn2/0.11 libssh2/1.7.0 nghttp2/1.10.0 librtmp/2.3
> > Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> > rtmp rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS IDN IPv6
> > Largefile GSS-API Kerberos SPNEGO NTLM SSL libz TLS-SRP HTTP2
> > UnixSockets HTTPS-proxy Metalink
> >
> >
> > % curl -vD- -o Downloads/2016-24888.pdf
> > https://www.gpo.gov/fdsys/pkg/FR-2016-10-17/pdf/2016-24888.pdf
> > % Total % Received
> > % Xferd Average Speed Time Time Time Current Dload Upload
> > Total Spent Left Speed 0 0 0 0 0 0
> > 0 0 --:--:-- --:--:-- --:--:--
> > 0*
> > Trying 162.140.14.20...
> > * TCP_NODELAY set
> > * Connected to www.gpo.gov (162.140.14.20) port 443 (#0)
> > 0 0 0 0 0 0 0 0 --:--:-- 0:00:01
> > --:--:--
> > 0*
> > ALPN, offering h2
> > * ALPN, offering http/1.1
> > * Cipher selection:
> > ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> > * successfully set certificate verify locations:
> > * CAfile: /etc/ssl/certs/ca-certificates.crt
> > CApath: /etc/ssl/certs
> > * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> > } [5 bytes data]
> > * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> > } [512 bytes data]
> > * TLSv1.2 (IN), TLS handshake, Server hello (2):
> > { [91 bytes data]
> > * TLSv1.2 (IN), TLS handshake, Certificate (11):
> > { [3517 bytes data]
> > * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> > { [333 bytes data]
> > * TLSv1.2 (IN), TLS handshake, Server finished (14):
> > { [4 bytes data]
> > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> > } [70 bytes data]
> > * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> > } [1 bytes data]
> > * TLSv1.2 (OUT), TLS handshake, Finished (20):
> > } [16 bytes data]
> > 0 0 0 0 0 0 0 0 --:--:-- 0:00:11
> > --:--:--
> > 0*
> > Unknown SSL protocol error in connection to www.gpo.gov:443
> > * Curl_http_done: called premature == 1
> > * stopped the pause stream!
> > 0 0 0 0 0 0 0 0 --:--:-- 0:00:12
> > --:--:-- 0
> > * Closing connection 0
> > curl: (35) Unknown SSL protocol error in connection to
> > www.gpo.gov:443 % echo $?
> > 35
>
> Is it reproducible? I tried multiple times in the latest all of OpenSSL,
> wolfSSL, mbedTLS and WinSSL both this afternoon and this evening and
> cannot reproduce in any of them. I tried both release 7.52.1 and latest
> repo master. My guess is it was a server problem.
Obama care website roto-virus :)

> If someone was trying to MITM you maybe they'd take advantage of your
> SSL library (unlikely since you're using the latest version) or have
> certificates not signed by your certificate authority (also unlikely
> since curl will show you an error message in those cases). Whether or
> not someone is doing that to you I don't know, I just think it's
> unlikely given that it dies like that.
>
> There is an SSL issue in curl 7.52.1 that has since been fixed in the
> repo but in the meantime has bit a few people [1]. I'm not sure why it's
> a problem for some people and not others. If you can reproduce your
> transfer problem in 7.52.1 try building curl from the repo with the same
> OpenSSL and see if you can still reproduce, because maybe you are
> experiencing that issue.
>
> [1]: https://github.com/curl/curl/issues/1174
No, I can't reproduce. You can consider the problem resolved.

Thanks
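To make the distinction Ray draws above concrete (a MITM that presents a certificate your trust store does not vouch for fails at certificate verification with an explicit reason, not as a bare "Unknown SSL protocol error"), here is an added Go example that is not part of this thread or of curl: it starts a local TLS server with a constructed self-signed certificate and a client that pins the server's SubjectPublicKeyInfo hash in the same `sha256//<base64>` form curl's `--pinnedpubkey` accepts. The names `startServer`, `connectPinned`, `spkiPin` and `must` are mine, and the 127.0.0.1 listener is only a stand-in for a real site.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// spkiPin hashes the SubjectPublicKeyInfo in curl's --pinnedpubkey "sha256//<base64>" form.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256//" + base64.StdEncoding.EncodeToString(sum[:])
}

// startServer serves a constructed self-signed certificate on 127.0.0.1 and returns its address and pin.
func startServer() (addr, pin string) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", cfg))
	go func() { // complete each handshake, then hang up; no application data is exchanged
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c *tls.Conn) { c.Handshake(); c.Close() }(c.(*tls.Conn))
		}
	}()
	return ln.Addr().String(), spkiPin(must(x509.ParseCertificate(der)))
}

// connectPinned accepts the peer only if its leaf key matches pin, so a substituted certificate
// fails at verification with an explicit reason instead of a bare "SSL protocol error".
// Production code keeps normal chain validation and adds the pin on top (as curl's --pinnedpubkey does).
func connectPinned(addr, pin string) error {
	cfg := &tls.Config{InsecureSkipVerify: true, // the self-signed demo cert has no chain to validate
		VerifyConnection: func(cs tls.ConnectionState) error {
			if got := spkiPin(cs.PeerCertificates[0]); got != pin { return fmt.Errorf("pin mismatch: peer presented %s", got) }
			return nil
		}}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil { return err }
	return conn.Close()
}
```

Calling `startServer` and then `connectPinned` twice, once with the returned pin and once with a wrong one such as `sha256//AAAA`, returns nil for the first and a "pin mismatch" error for the second.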
Received on 2017-02-08