Mailing Lists

curl-tracker Archives

[curl:bugs] #1319 Bug: "Unsupported SSL protocol version" Error

From: Andre Nathan <andrenathan_at_users.sf.net>
Date: Mon, 02 Feb 2015 12:32:52 +0000

I still have this issue, even with 7.40.0:

    ~/src/curl-7.40.0/src $ ./curl https://qasecommerce.cielo.com.br/servicos/ecommwsec.do -v --tlsv1
    * Trying 201.18.41.183...
    * Connected to qasecommerce.cielo.com.br (201.18.41.183) port 443 (#0)
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: none
    * TLSv1.2, TLS handshake, Client hello (1):
    * Unknown SSL protocol error in connection to qasecommerce.cielo.com.br:443
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to qasecommerce.cielo.com.br:443

It works fine on older versions like 7.22.0 on Ubuntu 12.04:

    $ curl https://qasecommerce.cielo.com.br/servicos/ecommwsec.do -v --tlsv1
    * About to connect() to qasecommerce.cielo.com.br port 443 (#0)
    * Trying 201.18.41.183... connected
    * successfully set certificate verify locations:
    * CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using AES256-SHA
    * Server certificate:
    * subject: C=BR; ST=Sao Paulo; L=Barueri; O=CIELO S.A.; OU=SI Cielo SS; CN=qasecommerce.cielo.com.br
    * start date: 2014-08-20 00:00:00 GMT
    * expire date: 2015-08-20 23:59:59 GMT
    * subjectAltName: qasecommerce.cielo.com.br matched
    * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
    * SSL certificate verify ok.
> GET /servicos/ecommwsec.do HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: qasecommerce.cielo.com.br
> Accept: */*
>
    < HTTP/1.1 405 Method Not Allowed
    < Date: Mon, 02 Feb 2015 12:30:04 GMT
    < Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8x
    < Content-Length: 44
    < X-Powered-By: Servlet/2.5 JSP/2.1
    < Content-Type: text/html
    <
    * Connection #0 to host qasecommerce.cielo.com.br left intact
    * Closing connection #0
    * SSLv3, TLS alert, Client hello (1):

---
** [bugs:#1319] Bug: "Unsupported SSL protocol version" Error**
**Status:** closed-fixed
**Created:** Thu Jan 02, 2014 07:44 PM UTC by Mohammad Hossekh Sekhavat
**Last Updated:** Mon Oct 06, 2014 09:01 AM UTC
**Owner:** Daniel Stenberg
Since I have upgraded from version 7.33 to 7.34, I am getting "Unsupported SSL protocol version" error with SSLv3. 
In order to reproduce the problem, run the command:
curl -v -3 -g 'https://aur.archlinux.org/'
Following output error will be showin in my machine:
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x237e040
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x237e040) send_pipe: 1, recv_pipe: 0
*   Trying 78.46.78.247...
*   Trying 2a01:4f8:120:34c2::2...
* Immediate connect fail for 2a01:4f8:120:34c2::2: Network is unreachable
* Connected to aur.archlinux.org (78.46.78.247) port 443 (#0)
* Unsupported SSL protocol version
* Closing connection 0
curl: (35) Unsupported SSL protocol version
My System Info:
$curl -V
curl 7.34.0 (x86_64-unknown-linux-gnu) libcurl/7.34.0 OpenSSL/1.0.1e zlib/1.2.8 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
$uname -a 
Linux mohammad-tp 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 x86_64 GNU/Linux
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2015-02-02

This message: [ Message body ]
Next message: Daniel Stenberg: "[curl:bugs] #1319 Bug: "Unsupported SSL protocol version" Error"
Previous message: Toni Moreno: "[curl:bugs] #1475 multithreaded httpslibcurl crash"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.