This is an OpenSSL issue. After 1.0.1 there were several changes which cause problems during the TLS/SSL Handshake with certain servers. Suggestions for workaround vary from disabling TLS1.2 to limitng the cipher list. I personally force an SSL3 handshake whenever such server is encountered.
Dobromir On Sun, Apr 6, 2014 at 3:47 AM, Nick Zitzmann <[email protected]> wrote: > > On Apr 5, 2014, at 10:21 AM, Woods <[email protected]> wrote: > > > I understand CURLOPT_SSLVERSION has default value > CURL_SSLVERSION_DEFAULT - > > This will attempt to figure out the remote SSL protocol version, i.e. > either SSLv3 or TLSv1. > > > > However, I do encounter a HTTPS connection, that gives me > CURLE_SSL_CONNECT_ERROR for easy perform, and I need to set > CURL_SSLVERSION_SSLv3 to make it work properly. > > > > What I wish to find out is whether curl can do this protocol adaptation > automatically as specified by CURL_SSLVERSION_DEFAULT. Or do I miss > something in the code? Thanks. > > CURLOPT_SSLVERSION_DEFAULT tells the TLS library to use its highest > supported TLS version at the maximum and SSLv3 at the minimum. If it's not > downgrading to SSLv3, then either one of these two things (or both) is true: > > 1. The server you are accessing is buggy and will not graciously downgrade > from TLS 1.0/1.1/1.2 to SSLv3. > 2. The back-end you are using isn't properly configuring SSLv3 when > CURLOPT_SSLVERSION_DEFAULT is in use (assuming the back-end is not axTLS, > which does not support SSLv3). > > What back-end are you using? I haven't experienced this problem with > either OpenSSL or Secure Transport. Are you able to connect to this site > using some other client, e.g. Firefox? > > Nick Zitzmann > <http://www.chronosnet.com/> > > > > > ------------------------------------------------------------------- > List admin: http://cool.haxx.se/list/listinfo/curl-library > Etiquette: http://curl.haxx.se/mail/etiquette.html > -- Dobromir Velev --------------------------------------------------------------------------- "Never attribute to malice that which can be adequately explained by stupidity"
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
