cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Libxurl use only TLSv1_2

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Mon, 29 Apr 2013 21:08:23 -0600

On Apr 29, 2013, at 8:15 PM, Indtiny s <indtiny_at_gmail.com> wrote:

(please don't top-post)

> Hi,
> Yes server supprorts TLSv1.2 and I have to authenticate the server using the TLSv1.2 only .

Okay, I see that the site you are trying to connect to does support TLS 1.2: <https://www.ssllabs.com/ssltest/analyze.html?d=daisy.ubuntu.com&s=91.189.95.54>

> What I heard from the webServer forum is that since the server looks only for TLSv1.2(Server is configured like so for some requirement) and if clients tries with V1.1, its fails .

That is one bizarre technical requirement if true. TLS 1.2 is a nice improvement over 1.1 and 1.0, but it's not critical yet.

> If I change to curl_easy_setopt(curl, CURLOPT_SSLVERSION,CURL_SSLVERSION_TLSv1); then I get the SSL conection error .

FWIW, I was able to connect to the site after forcing SSLv3.

> and with _DEFAULT it makes Client hello and throws Internal error(80) .
>
> I am not able to figure out the problem .
> Here with I have attached my complete wireshark og

Some other thoughts: Are you using the latest version of OpenSSL? Versions prior to 1.0.1-something didn't support TLS 1.2. And have you tried using GnuTLS instead? I know GnuTLS supports TLS 1.2.

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-30