I can confirm this bug on Ubuntu noble (had to disable SSL verification for CURL to succeed establishing the SSL connection), but can also report that dev/Oracular is not affected.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2073448 Title: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection Status in curl package in Ubuntu: Confirmed Bug description: The problem seems to affect only Ubuntu 24.04 Arm64. It works as expected in Ubuntu 24.04 Amd64. For further information see: https://github.com/curl/curl/issues/14154 ### I did this ```bash curl -vvv https://dotnet.microsoft.com/ * Host dotnet.microsoft.com:443 was resolved. * IPv6: 2620:1ec:bdf::43 * IPv4: 13.107.246.43 * Trying 13.107.246.43:443... * Connected to dotnet.microsoft.com (13.107.246.43) port 443 * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 * Closing connection curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 ``` ### I expected the following I expected no SSL error as **openssl** seem to be working as expected: ```bash openssl s_client -connect dotnet.microsoft.com:443 CONNECTED(00000003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03 verify return:1 depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com verify return:1 --- Certificate chain 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384 v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384 v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7 ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4 AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH 6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O 0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ 2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+ xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G a7Q= -----END CERTIFICATE----- subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 5228 bytes and written 757 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972 Session-ID-ctx: Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1 2.....3q.&'..... 0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae )$Q7...u.....^J. Start Time: 1720699914 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7 Session-ID-ctx: Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca .~.....>g.M.UB.. 0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b 3P...)....l.kAB[ Start Time: 1720699914 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK closed ``` Also **wget** is working as expected: ```bash wget https://dotnet.microsoft.com/ --2024-07-11 12:14:16-- https://dotnet.microsoft.com/ Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43 Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected. HTTP request sent, awaiting response... 302 Found Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net Location: /en-us/ [following] --2024-07-11 12:14:24-- https://dotnet.microsoft.com/en-us/ Reusing existing connection to dotnet.microsoft.com:443. HTTP request sent, awaiting response... 200 OK Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net Length: unspecified [text/html] Saving to: ‘index.html’ index.html [ <=> ] 300.57K --.-KB/s in 0.1s 2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782] ``` ### curl/libcurl version curl 8.5.0 (aarch64-unknown-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7 Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd ### operating system Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 aarch64 aarch64 aarch64 GNU/Linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2073448/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
