More analysis...

As it turns out libcurl/curl can access TLSv1, the problem appears to be a
very suttle one. In the sense of:
     curl+http proxy = OK
     curl+ssl/tls = OK
     curl+ssl/tls via http proxy = NOTOK

i.e. I set up a HTTPS TLSv1/SSL3 server inside the proxy firewall and was
able to connect and down load from it.

as it terns out the method
req_method = SSLv23_client_method();
will automatically select the required SSL method, including TLSv1. I also
altered curl to accept a switch -1/-TLSv1 and set:
  case 1:
    req_method = TLSv1_client_method();

this was quite simple to do. Testing it against the https server inside the
firewall worked fine.

As soon as I tried downloading from outside the http proxy firewall, it came
back with the standard error:

Curl: (35) SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number

So it appeared that the problem was not so much TLSv1 as SSL through a proxy
firewall.

To confirm this I set up the HTTP-Tunnel to respond on port 443 on the local
machine and do the HTTP tunneling to the remote HTTPS server. i.e. from
curls point of view the remote server looked like a local server.

This worked.

So it appears that it is the combination of HTTP proxy + SSL that is causing
the problem? some subtle interaction?

I'd be interested to know if anyone can verify this? i.e. am I the only one
experiencing this problem?

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Received on 2001-10-25