How to configure curl to use a ciphers parameter by default without specifying it?

1

This question is related to: Homebrew gives SSL error (SSL_ERROR_SYSCALL) on home network

As Alexander Ekdahl points out in the comments, adding --ciphers ECDHE-RSA-AES128-GCM-SHA256 fixes the above problem.

I am not sure why curl won't work on my home network without me specifying the ciphers. Regardless, to solve this problem, is there a way for me to specify that curl should use this option every time it makes a request without me having to manually add the ciphers option every time?

philosopher

Posted 2018-03-01T16:35:34.440

Reputation: 283

You can always just fix the SSL certificate. – Ramhound – 2018-03-01T16:44:49.933

@Ramhound - is there a problem with the certificate? – garethTheRed – 2018-03-02T06:57:28.873

Can you explain how @Ramhound? – philosopher – 2018-03-02T17:50:16.860

Answers

3

From the curl manual, simply add:

--ciphers ECDHE-RSA-AES128-GCM-SHA256

To ~/.curlrc.

garethTheRed

Posted 2018-03-01T16:35:34.440

Reputation: 2 520

Thanks, is there any security risk if you do this? – philosopher – 2018-03-02T17:46:02.537

Also, do you know why this happens? – philosopher – 2018-03-02T18:01:22.160

Does your home network have a firewall? It may be carrying out HTTPS inspection, in which case it acts as a client and connects to your target website, decrypts the connection to check it, then re-encrypts it with its own certificate. If this firewall is using deprecated ciphers you'll end up with this issue. Curl will try to use the best ciphers available to it. If the ciphers presented by this firewall aren't on the list acceptable to Curl, you have to force Curl to use a less secure cipher. Just a guess though :-) – garethTheRed – 2018-03-02T19:02:49.000

1

@philosopher

Check the manpage for curl and put the options you want in your ~/.curlrc file.

Brad Knowles

Posted 2018-03-01T16:35:34.440

Reputation: 124
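
Both answers come down to one line in ~/.curlrc. As an added example (not part of the original answers), the shell functions below write that line into a curl config file exactly once and read back what is set; the function names and the value check are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep a single "ciphers" default in a curl config file.
# curl config files accept "--ciphers VALUE" as well as "ciphers = VALUE".
CIPHERS_RE='^[[:space:]]*(--)?ciphers([[:space:]]*[=:][[:space:]]*|[[:space:]]+)'

# set_curlrc_ciphers FILE CIPHER_LIST
# Replaces any existing ciphers line in FILE with one "--ciphers" line.
set_curlrc_ciphers() {
    file=$1
    ciphers=$2
    # Refuse empty values and anything outside cipher-string characters,
    # so whitespace, quotes or newlines cannot inject extra config options.
    case $ciphers in
        ''|*[!A-Za-z0-9_:+!@=-]*) echo "rejected cipher list" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Keep every other option; grep exits 1 when nothing is left.
        grep -Ev "$CIPHERS_RE" "$file" > "$tmp" || true
    fi
    printf -- '--ciphers %s\n' "$ciphers" >> "$tmp"
    cat "$tmp" > "$file"    # rewrite in place, preserving file permissions
    rm -f "$tmp"
}

# curlrc_ciphers FILE
# Prints the cipher list configured in FILE, or nothing if none is set.
curlrc_ciphers() {
    [ -f "$1" ] || return 0
    grep -E "$CIPHERS_RE" "$1" | tail -n 1 |
        sed -E "s/$CIPHERS_RE//; s/^\"//; s/\"?[[:space:]]*\$//"
}

# Typical use, with the value from the question:
#   set_curlrc_ciphers "$HOME/.curlrc" ECDHE-RSA-AES128-GCM-SHA256
#   curlrc_ciphers "$HOME/.curlrc"
```

Pointing the functions at a separate file and passing it with curl -K FILE limits the cipher override to the requests that need it; curl -q as the first argument skips ~/.curlrc for a single run.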