I don’t know what is exactly going on but I noticed that curl couldn’t get secure pages without adding extra switches.
~# curl -v https://api.dreamhost.com * About to connect() to api.dreamhost.com port 443 (#0) * Trying 220.127.116.11... * connected * Connected to api.dreamhost.com (18.104.22.168) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): (hangs for a minute) * Unknown SSL protocol error in connection to api.dreamhost.com:443 * Closing connection #0 curl: (35) Unknown SSL protocol error in connection to api.dreamhost.com:443
Now, when I add -1 (force tlsv1) or -3 (force sslv3) curl works flawlessly. The problem is that other programs seem to have similar issues, like python scripts.
When I try openssl it hangs like curl
openssl s_client -connect api.dreamhost.com:443 CONNECTED(00000003) (HANGS) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
The same happens if I use -tls1_2, but it works If I use -ssl3 switch
OpenSSL> version OpenSSL 1.0.1e 11 Feb 2013
Does anybody know how to fix this and make curl or openssl work with default settings? I have another machine with Debian lenny that can run both commands flawlessly without any switch.
Make sure you have the
ca-certificates package installed properly. If it is installed, you may have accidentally deleted its files and need to reinstall it.
sudo apt-get install --reinstall ca-certificates
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.