curl-library

libcurl and SSLv2

From: Lenny Rachitsky <lennysan_at_gmail.com>
Date: Fri, 2 Jan 2009 12:42:49 -0800

I've run into an interesting problem. When trying to connect to the domain
www.hottopic.com, which recently disabled SSLv2 support, I get the
following:
> curl --verbose https://www.hottopic.com/
* About to connect() to www.hottopic.com port 443 (#0)
* Trying 65.208.131.90... connected
* Connected to www.hottopic.com (65.208.131.90) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.hottopic.com:443
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to www.hottopic.com:443

Here is my version information:
> curl --version
curl 7.19.1-test (i686-pc-linux-gnu) libcurl/7.19.1-test OpenSSL/0.9.7a zlib/1.1.4
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL libz

When running this same command with an older version of openssl, it works
fine:

> curl --version
curl 7.19.2 (i686-pc-linux-gnu) libcurl/7.19.2 OpenSSL/0.9.7a zlib/1.1.4
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL libz

> curl --verbose https://www.hottopic.com/
* About to connect() to www.hottopic.com port 443 (#0)
* Trying 65.208.131.90... connected
* Connected to www.hottopic.com (65.208.131.90) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DES-CBC3-SHA
* Server certificate:...

Has anyone seen this kind of behavior before? I would bet most of you, if you
ran this command, would see the error, or one like it, as I presume most of
you have the latest version of openssl and libcurl installed.

I would have to have to downgrade openssl versions, but at this point that
seems to be my only choice.

Thanks in advance.
Received on 2009-01-02
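
The two traces in the mail above differ in their first handshake line: `SSLv2, Client hello` versus `SSLv3, TLS handshake, Client hello`. As an added example (not part of the original mail and not curl's code), the Python below tells the two ClientHello framings apart from the first bytes on the wire. The function name and the sample byte strings are constructed for illustration, and mapping curl's trace labels to these two framings is an assumption.

```python
"""Classify the first bytes a TLS client sends (added example)."""
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0"}


def classify_client_hello(data: bytes) -> dict:
    """Return the framing and highest offered version of a ClientHello."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSLv2 framing: 2-byte header with the high bit set, then message type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        (offered,) = struct.unpack_from(">H", data, 3)
        framing = "SSLv2-compatible"
    # SSLv3/TLS framing: record type 22 (handshake), record version, length.
    elif data[0] == 0x16 and data[1] == 0x03:
        (length,) = struct.unpack_from(">H", data, 3)
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record is not a complete ClientHello header")
        # Handshake header is type(1) + length(3); client_version follows.
        (offered,) = struct.unpack_from(">H", data, 9)
        framing = "SSLv3/TLS record"
    else:
        raise ValueError("not a ClientHello")
    return {
        "framing": framing,
        "length": length,
        "offered": VERSIONS.get(offered, hex(offered)),
        # Reading this hello requires the server to parse SSLv2 record framing.
        "needs_sslv2_parser": framing == "SSLv2-compatible",
    }


# Constructed sample prefixes (not captured from the host named in the mail).
V2_COMPAT_HELLO = bytes.fromhex("802e" "01" "0300" "0015" "0000" "0010")
V3_RECORD_HELLO = bytes.fromhex("16" "0300" "0031" "01" "00002d" "0300")

if __name__ == "__main__":
    for name, blob in (("v2-compat", V2_COMPAT_HELLO), ("v3-record", V3_RECORD_HELLO)):
        print(name, classify_client_hello(blob))
```

Both constructed samples offer SSLv3 as the highest version; only the outer framing differs, which is the distinction the first trace line reports.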