TLS curl POST resulting in SSLv3 error

0

I am trying to make a POST request via curl to a server that only supports TLS 1.2, TLS 1.1, and TLS 1.0. However, even when I try to specify the need for TLS instead of the default SSL v. 3 (adding ---tlsv1) I get the following response:

curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

This is the version of curl I am using:

curl 7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

There are no firewall issues with resolving the URL.

How can I make the POST successful?

Update: I have tried also making the request with Python to try to figure out what the issue is. The URL is internal so I cannot share that, but help would be appreciated as to what might be the configuration issue. Here is the Python error:

urllib2.URLError: <urlopen error (1, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')>

Jake

Posted 2016-01-19T15:19:12.870

Reputation: 163

What is the URL of the server you are attempting to connect to? If you don't provide it, then we can't help you trouble shoot it. We will probably have to close the question as "can't duplicate". – jww – 2016-01-20T20:38:33.910

Answers

1

How can I make the POST successful?

Hard to tell what the issue is without knowing the exact URL. But given the version of curl your are using it might be that the server requires Server Name Indication (SNI) which is not supported by the old version of curl you are using.

Steffen Ullrich

Posted 2016-01-19T15:19:12.870

Reputation: 3 897

I get the same error when making the request with Python. i.e., urllib2.URLError: <urlopen error (1, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')> – Jake – 2016-01-20T14:25:19.960

@JakeWasdin: Changes are high that your python is also too old. SNI is support since Python 2.7.9 only. – Steffen Ullrich – 2016-01-20T14:53:35.037

0

The "handshake" error indicates that the client and server could not agree on how to set up the secure channel requires for HTTPS. The version of OpenSSL you are using is very old, and only understands SSL up to sslv3, which the server requires as a minimum. Hence the "sslv3" error - it is informing you it tried to talk SSL v3 (which is less than TLS v1) and failed to get a meaningful response.

You're out of luck without an upgrade to a more recent version of OpenSSL, and even then the curl version may also need to be bumped to handle the newer TLS version too.

Liam Dennehy

Posted 2016-01-19T15:19:12.870

Reputation: 319

Asked: 2016-01-19T15:19:12.870

Viewed: 1 466 times

Active: 2017-07-25T13:51:55.540