[Pkg-openssl-devel] curl: (35) Unknown SSL protocol error in connection to services.orange.co.uk:443
Kurt Roeckx
kurt at roeckx.be
Sun Jan 31 14:11:47 UTC 2010
On Tue, Jan 26, 2010 at 10:34:03AM +0000, Simon Waters wrote:
> Attempts to fetch this using curl from Lenny;
>
> curl https://services.orange.co.uk/sam/templates/web/sign_in_new.htm
>
> fail
>
> curl: (35) Unknown SSL protocol error in connection to
> services.orange.co.uk:443
>
> Using openssl s_client I can connect and type a plausible HTTP session.

$ openssl s_client -host services.orange.co.uk -port 443 -tls1
CONNECTED(00000003)
4862:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
$ openssl s_client -host services.orange.co.uk -port 443 -ssl3
CONNECTED(00000003)
4874:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
$ openssl s_client -host services.orange.co.uk -port 443 -ssl2
CONNECTED(00000003)
depth=0 /C=GB/L=Avon/O=Orange Personal Communications Services
Ltd/CN=services.orange.co.uk
[...]

So I get a different connection depending on some of the options.
Using -no_ssl2 doesn't allow a connection, and it's pretty common
to set that option. With no options I can actually get a TLS1
connection.

> Which suggests a bug in how openssl is being invoked?!

I think it's more a bug in what orange is using and depending
on the options used in applications you get different behaviour.

> I would usually file a bug, but I'm not clear if the server might be
> misconfigured, or in which package this is occurring.

I have no good suggestion for that. If it's a bug in IBM's
software, we might be able to find a workaround for it. Note
that the different applications you're using might not only
be using different options, but also different libraries
implementing ssl/tls.
Kurt
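
Added example (not part of the original message, and not code from the poster or the Debian package): a small shell harness that repeats the per-option s_client comparison above and reports whether the result depends on the protocol option. The function names, the PROBE hook and the sample transcripts are assumptions made for illustration; the transcripts are constructed, modelled on the output quoted in the message.

```shell
#!/bin/sh
# Heuristic: a "depth=N" line means a server certificate arrived.
classify_transcript() {
    awk '
        /ssl handshake failure/ { fail = 1 }
        /^depth=[0-9]+ /        { cert = 1 }
        END {
            if (cert)      print "ok"
            else if (fail) print "failure"
            else           print "unknown"
        }'
}

# Real probe. $3 is left unquoted so an empty option vanishes.
run_probe() {
    openssl s_client -host "$1" -port "$2" $3 </dev/null 2>&1
}

# Constructed transcripts modelled on the output quoted in the thread
# (the -no_ssl2 transcript is assumed; the thread does not show it).
sample_probe() {
    echo 'CONNECTED(00000003)'
    case "$3" in
        -tls1|-ssl3|-no_ssl2)
            echo '1:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:' ;;
        *)  echo 'depth=0 /C=XX/CN=server.example' ;;
    esac
}

# Hypothetical hook: set PROBE=sample_probe to run without a network.
PROBE=${PROBE:-run_probe}

# Print "option<TAB>result" for every option tried in the thread.
probe_matrix() {
    for opt in "" -tls1 -ssl3 -ssl2 -no_ssl2; do
        result=$("$PROBE" "$1" "$2" "$opt" | classify_transcript)
        printf '%s\t%s\n' "${opt:-default}" "$result"
    done
}

# Succeeds when some options handshake and others fail.
version_dependent() {
    awk -F '\t' '$2 == "ok" { ok = 1 } $2 == "failure" { bad = 1 }
                 END { exit !(ok && bad) }'
}
```

Typical use is `probe_matrix HOST 443 | version_dependent`. OpenSSL builds from 1.1.0 on no longer accept -ssl2, so that row is reported as "unknown" there.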