cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl and https problem

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 2 Sep 2011 09:00:33 +0200 (CEST)

On Fri, 2 Sep 2011, Daan Try wrote:

>>> SSL Library Error: 336068931 error:14080143:SSL
>>> routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
>>
>> Using OpenSSL? What OpenSSL version is this and do you happen to know what
>> drives the SSL layer in this particular server end?
>>
> How can I figure out what version of OpenSSL is used, just by looking at the
> installed library version? I have no control and no access to the server
> part, so I can probably not figure out what is running there.

Then it is certainly hard, yes. I'm not sure how valuable that info is in this
case anyway.

As the error message says, you get problems because the server seems to ask
for an "unsafe legacy renegotiation" and modern TLS implementations will not
agree to do that as that's a major security problem. Possibly you can ask the
admins of the particular server about this.

I found a decent summary of the renegotiation problem here:
http://lwn.net/Articles/362234/

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-09-02

This message: [ Message body ]
Next message: Dan Fandrich: "Re: CURL build for Android"
Previous message: Daan Try: "Re: libcurl and https problem"
In reply to: Daan Try: "Re: libcurl and https problem"
Next in thread: Daan Try: "Re: libcurl and https problem"
Reply: Daan Try: "Re: libcurl and https problem"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]