On 07/09/2012 10:58 PM, Anu Shrestha wrote:
> RE: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
>
> Summary: Handshaking between the client and host cipher(TLSV1/SSLV3) is not compatible with
> current version of curl 7.24. It used to work with 7.21. What changes between the version could
> have this?
>
> Eg
>
> Also just from command line, default connection from curl to host fails handshake. Specifying tls
> fails handshake as well. Forcing sslv3 works. Using openssl it works in both scenarios. All
> samples are below. Any help would be MUCH appreciated.
>
> curl -vvv https://kmc03bit ====> (doesn’t work)
>

this may be a problem with SNI?
What does the server expects as ServerNameIndication?
try and use a fully qualified dns name or just the ip address to see what happens

> * About to connect() to kmc03bit port 443 (#0)
>
> * Trying 10.50.60.102...
>
> * connected
>
> * Connected to kmc03bit (10.50.60.102) port 443 (#0)
>
> * SSLv3, TLS handshake, Client hello (1):
>
> * error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected mese
>
> * Closing connection #0
>
> curl: (35) error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected
>
> curl -vvv --tlsv1 https://kmc03bit ====> (doesn’t work)
>
> * About to connect() to kmc03bit port 443 (#0)
>
> * Trying 10.50.60.102...
>
> * connected
>
> * Connected to kmc03bit (10.50.60.102) port 443 (#0)
>
> * SSLv3, TLS handshake, Client hello (1):
>
> * SSLv3, TLS alert, Server hello (2):
>
> * error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
>
> * Closing connection #0
>
> curl: (35) error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected me
>
> curl -vvv --sslv3 https://kmc03bit è(works)
>
> * About to connect() to kmc03bit port 443 (#0)
>
> * Trying 10.50.60.102...
>
> * connected
>
> * Connected to kmc03bit (10.50.60.102) port 443 (#0)
>
> * SSLv3, TLS handshake, Client hello (1):
>
> * SSLv3, TLS handshake, Server hello (2):
>
> * SSLv3, TLS handshake, CERT (11):
>
> * SSLv3, TLS alert, Server hello (2):
>
> * SSL certificate problem, verify that the CA cert is OK. Details:
>
> -------OPENSSL
>
> openssl s_client -connect kmc03bit:443 -tls1 è(works)
>
> CONNECTED(00000003)
>
> SSL handshake has read 2588 bytes and written 285 bytes
>
> ---
>
> New, TLSv1/SSLv3, Cipher is AES256-SHA
>
> Server public key is 1024 bit
>
> Compression: NONE
>
> Expansion: NONE
>
> SSL-Session:
>
> Protocol : TLSv1
>
> Cipher : AES256-SHA
>
> openssl s_client -connect kmc03bit:443 -ssl3 è(works)
>
> CONNECTED(00000003)
>
> SSL handshake has read 2604 bytes and written 299 bytes
>
> ---
>
> New, TLSv1/SSLv3, Cipher is AES256-SHA
>
> Server public key is 1024 bit
>
> Compression: NONE
>
> Expansion: NONE
>
> SSL-Session:
>
> Protocol : SSLv3
>
> Cipher : AES256-SHA
>
> *From:*Anu Shrestha
> *Sent:* Monday, July 09, 2012 3:05 PM
> *To:* libcurl development
> *Subject:* RE: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
>
> Dan,
>
> We took your suggestion and start working to make our apps work with cURL 7.24.
>
> We wanted to force down the SSLV2 since host is expecting SSLV2. I used following function in
> my application but it is still trying to exchange with SSLV3.
>
> /* Setup SSL specific config options */
> curl_easy_setopt(curl,CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2);
>
> I have also attached the code. Help please.
>
> Anu
>
> ----------------------------------------------------------------------------------------------------
>
> *From:*curl-library-bounces_at_cool.haxx.se on behalf of Daniel Stenberg
> *Sent:* Sun 7/8/2012 8:22 AM
> *To:* libcurl development
> *Cc:* Mike Ballon
> *Subject:* RE: Need install of curl 7.16.2 (ia64-hp-hpux11.23) libcurl/7.16.2
>
> On Sun, 8 Jul 2012, Anu Shrestha wrote:
>
> Please note that we don't top-post on this mailing list.
>
> > We have reached out to hpux but they don't have the older install. Can you
> > please point us to docs and how to get the source code package to build
> > ourselves?
>
> The tar archive is full of them. And if that isn't enough, the web site has
> lots of info, and if all that fails we're here on the list to answer the
> questions you couldn't find answers to.
>
> But please be aware that 7.16.2 is over five years old (we have done 815
> documented bug fixes since!) and we're not very keen on supporting ancient
> versions so you need to be aware that you're on your own when going that
> route.
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>
> CONFIDENTIALITY NOTICE: This e-mail and any accompanying documents contain
> confidential information intended for a specific individual purpose. This
> information is private and protected by law. If you are not the intended
> recipient, you are hereby notified that any disclosure, copying or distribution,
> or the taking of any action based on the contents of this information, is
> strictly prohibited. If you have received this transmission in error, please
> delete it. Thank you.
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-07-10