Wget is only sending TLS 1.0 in client hello, and the server is refusing. This seems to be a problem with the port, as wget 1.14 on my Linux box sends a TLS 1.2 hello, as does wget on OpenBSD 5.4 (also 1.14).
On Tue, Nov 18, 2014 at 10:31 PM, Mikolaj Kucharski <miko...@kucharski.name> wrote: > Hi, > > I didn't notice when it started, as ftp and curl just work, but wget > fails for following https site: > > > # wget --debug -O /dev/null https://www.secure.io/ > Setting --output-document (outputdocument) to /dev/null > DEBUG output created by Wget 1.16 on openbsd5.6. > > URI encoding = '646' > converted 'https://www.secure.io/' (646) -> 'https://www.secure.io/' (UTF-8) > --2014-11-19 06:16:36-- https://www.secure.io/ > Resolving www.secure.io (www.secure.io)... 91.121.99.69 > Caching www.secure.io => 91.121.99.69 > Connecting to www.secure.io (www.secure.io)|91.121.99.69|:443... connected. > Created socket 4. > Releasing 0x00000f3e66393ae0 (new refcount 1). > Initiating SSL handshake. > SSL handshake failed. > Closed fd 4 > Unable to establish SSL connection. > > > Above wget output is from: > > OpenBSD 5.6-current (GENERIC) #549: Tue Nov 18 09:04:20 MST 2014 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC > > webserver is nginx-1.7.7p0 running on: > > OpenBSD 5.6-current (GENERIC) #523: Tue Nov 18 08:49:39 MST 2014 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > > > nginx has following settings in its config file: > > ssl_protocols TLSv1.2; > ssl_ciphers TLSv1+HIGH@STRENGTH:!ADH:!aNULL; > ssl_prefer_server_ciphers on; > > > If you need more details, let me know. > > -- > best regards > q# >
