cURL / Mailing Lists / curl-library / Single Mail

curl-library

curl/libcurl (7.35) not supporting SSL- MD5-SHA ??

From: Toni Moreno <toni.moreno_at_gmail.com>
Date: Mon, 23 Feb 2015 15:34:10 +0100

Hi.

I'm building a the collectd tool (https://github.com/collectd/collectd) a
performance tool able to get data from apache mod_status and sent to
diferent backends, with libcurl ( curl-7.35.0 )

When my apache server is working with the following cipherSuite it works
ok. ( RC4-MD5 ok !!)

SSLCipherSuite
-ALL:!ADH:RC4+SHA:RC4+MD5:RC4+RSA:3DES:!EDH:!KRB5:+TLSv1:+SSLv3:!SSLv2:!RC2:!DES:!EXP

But if I disable the RC4-MD5 cipher curl/libcurl doesn't work

SSLCipherSuite -ALL:!ADH:RC4+SHA:*!RC4+MD5*
:RC4+RSA:!3DES:!EDH:!KRB5:+SSLv3:+TLSv1:!SSLv2:!RC2:!DES:!EXP

We get this error:

[2015-02-23 15:24:50] [error] apache: curl_easy_perform failed:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure

When trying this with "curl" it fails again with the same error.

[root@test src]# curl -v -k "https://localhost:440/server-status?auto"
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 440 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure
* Closing connection 0
*curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure*

But I can do connection OK with "openssl s_client" and it usesRC4-SHA
cipher

[root_at_wastest85 src]# openssl s_client -ssl3 -connect localhost:440 |grep
-i cipher
depth=0
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=wastest85/emailAddress=root_at_wastest85
verify error:num=18:self signed certificate
verify return:1
depth=0
/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=wastest85/emailAddress=root_at_wastest85
verify return:1
New, TLSv1/SSLv3, Cipher is RC4-SHA
Cipher : RC4-SHA

Has curl 7.35 support for RC4-SHA ??

-- 
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-23

This message: [ Message body ]
Next message: Ståle Kristoffersen: "Re: Memory leak using default resolver and short timeouts"
Previous message: Dan Fandrich: "Re: Memory leak using default resolver and short timeouts"
Next in thread: Jan Ehrhardt: "Re: curl/libcurl (7.35) not supporting SSL- MD5-SHA ??"
Reply: Jan Ehrhardt: "Re: curl/libcurl (7.35) not supporting SSL- MD5-SHA ??"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]