curl failed setting cipher list

1

I'm trying to make curl use GOST2001-GOST89-GOST89 cipher which is available and usable by OpenSSL but keep getting failed setting cipher list error despite the fact that curl sees gost engine and can use GOST client certificates. How can I fix this? All the libraries are compiled from source.

$ openssl ciphers | grep -o '\(GOST[[:digit:]]\+-\?\)\+'
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89

$ openssl engine | grep gost
(gost) Reference implementation of GOST engine

$ openssl version
OpenSSL 1.0.1 14 Mar 2012

$ curl -V
curl 7.25.0 (x86_64-apple-darwin11.3.0) libcurl/7.25.0 OpenSSL/1.0.1 zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

$ curl --engine gost --ciphers GOST2001-GOST89-GOST89 https://localhost:4433
curl: (59) failed setting cipher list

synapse

Posted 2012-04-13T09:32:46.100

Reputation: 223

Answers

0

This is not really an answer, but might help some.

Error code 59 means "Couldn't use specified SSL cipher" (from here).
Evidently curl can't use this cipher.

The error might be misleading, since the problem might actually be that your localhost server has rejected the cipher as unsupported during handshaking.

It might work better with a better-known cipher.

harrymc

Posted 2012-04-13T09:32:46.100

Reputation: 306 093

Asked: 2012-04-13T09:32:46.100

Viewed: 8 763 times

Active: 2020-01-06T20:00:36.193