Search code examples
sslcurlhttpsredhattls1.2

Unknown SSL protocol error in connection to using curl on RedHat

Please see the output below. I'm just trying to access the website using curl 7.52.1 on RedHat Enterprise Server 6.9.

[root@fti ~]# curl -v https://testweb.dms.com

* Rebuilt URL to: https://testweb.dms.com/
*   Trying 12.121.156.219...
* TCP_NODELAY set
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /root/anaconda3/ssl/cacert.pem
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to testweb.dms.com:443
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to testweb.dms.com:443

openssl works fine.

[root@fti ~]# openssl s_client -connect testweb.dms.com:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1508957433
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

curl -V O/P

curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

As none-root user

[denimi@fti ~]$ curl -v https://testweb.dms.com
* About to connect() to testweb.dms.com 443 (#0)
*   Trying 12.121.156.219... connected
* Connected to testweb.dms.com (12.121.156.219) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

How can I solve this?

Solution

  • Try connecting using specific protocol or cipher suits. Seems supplied protocol by curl is not accepted by server.

    try this:

    curl --tlsv1.2 https://testweb.dms.com