curl-tracker Archives

[curl:bugs] #1340 7.35.0 ssl request fails (handshake error) when no --cipher is provided

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Sun, 09 Mar 2014 23:53:21 +0000

- **status**: open --> pending
- **assigned_to**: Daniel Stenberg
- **Comment**:

This is probably not a bug. We explicitly disable RC4 from our list of supported ciphers since it is broken and considered insecure.

We've started a document to collect reasons and explanations to common curl+SSL problems: https://github.com/bagder/curl/blob/master/docs/SSL-PROBLEMS

My only concern is that RC4 is documented as a way to mitigate BEAST with TLS 1.0...

---
**[bugs:#1340] 7.35.0 ssl request fails (handshake error) when no --cipher is provided**
**Status:** pending
**Created:** Fri Mar 07, 2014 09:51 AM UTC by Linas
**Last Updated:** Fri Mar 07, 2014 09:51 AM UTC
**Owner:** Daniel Stenberg
This happens at least with one url: https://rest.telesign.com
7.34.0 works ok
7.35.0 fails with handshake error
7.36.0-DEV same as 7.35.0 at the time of writing
**openssl version:** OpenSSL 1.0.1e-fips 11 Feb 2013
**OS:** CentOS 6.4; CentOS 6.5; Cloudlinux 6.5
**Curl Versions:**
    [#] ./curl-7.34.0/src/curl -V
    curl 7.34.0 (x86_64-unknown-linux-gnu) libcurl/7.34.0 OpenSSL/1.0.1e zlib/1.2.3
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
    Features: IPv6 Largefile NTLM NTLM_WB SSL libz
    [#] ./curl-7.35.0/src/curl -V
    curl 7.35.0 (x86_64-unknown-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1e zlib/1.2.3
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
    Features: IPv6 Largefile NTLM NTLM_WB SSL libz
**7.34.0 request output:**
    [#] ./curl-7.34.0/src/curl -v 'https://rest.telesign.com'
    [ ... ]
    * Connected to rest.telesign.com (199.27.228.143) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using RC4-SHA
    [ ... ]
    * Closing connection 0
    * SSLv3, TLS alert, Client hello (1):
    {"errors": [{"code": -40004, "description": "Resource Not Found"}]}
**7.35.0 request output:**
    [#] ./curl-7.35.0/src/curl -v 'https://rest.telesign.com'
    [ ... ]
    * Connected to rest.telesign.com (199.27.228.143) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS alert, Server hello (2):
    * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
    * Closing connection 0
    curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
**7.35.0 request output (with --cipher):**
    [#] ./curl-7.35.0/src/curl -v 'https://rest.telesign.com' --cipher 'RC4-SHA'
    [ ... ]
    * Connected to rest.telesign.com (199.27.228.143) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using RC4-SHA
    [ ... ]
    * Closing connection 0
    * SSLv3, TLS alert, Client hello (1):
    {"errors": [{"code": -40004, "description": "Resource Not Found"}]}
Received on 2014-03-10
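A triage sketch for traces like the ones in this report, added here as an example and not part of the original mail or of curl's code: it reads `curl -v` output and reports whether the handshake completed, which cipher was negotiated, and whether the server answered the Client hello with an alert instead of a Server hello. The function name `classify`, the `WEAK_PARTS` list and the abridged sample traces are assumptions constructed for the example.

```python
import re

# Constructed samples, abridged from the shape of the curl -v traces in the report.
TRACE_734 = """\
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using RC4-SHA
"""
TRACE_735 = """\
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS alert, Server hello (2):
    * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
    curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
"""

CIPHER_RE = re.compile(r"^\s*\* SSL connection using (\S+)", re.M)
EXIT_RE = re.compile(r"^\s*curl: \((\d+)\)", re.M)
# Assumption: cipher-name components treated as weak here; extend to match local policy.
WEAK_PARTS = {"RC4", "NULL", "EXP"}


def classify(trace):
    """Summarise one curl -v trace: handshake outcome, cipher, weak flag, exit code."""
    exit_match = EXIT_RE.search(trace)
    result = {"status": "unknown", "cipher": None, "weak": False,
              "curl_exit": int(exit_match.group(1)) if exit_match else None}
    cipher = CIPHER_RE.search(trace)
    if cipher:
        result["status"] = "connected"
        result["cipher"] = cipher.group(1)
        result["weak"] = bool(WEAK_PARTS & set(cipher.group(1).split("-")))
        return result
    sent_hello = "TLS handshake, Client hello" in trace
    got_server_hello = "TLS handshake, Server hello" in trace
    if sent_hello and not got_server_hello and "alert handshake failure" in trace:
        # The server answered the Client hello with an alert instead of a
        # Server hello: it found nothing acceptable in what the client offered.
        result["status"] = "rejected_at_client_hello"
    return result


if __name__ == "__main__":
    for label, trace in (("7.34.0", TRACE_734), ("7.35.0", TRACE_735)):
        print(label, classify(trace))
```

A `rejected_at_client_hello` result on a newer client, next to a `connected` result with `weak` set on an older one, is the pattern this report shows: the only cipher the two sides shared was one the newer client no longer offers.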
