0
1
I've been having a strange issue, where I cannot connect to https://www.humblebundle.com.
Plain HTTP works fine, as does https://humblebundle.com. These all redirect to the above address. I haven't found any domains or websites that have the same issue.
curl https://www.humblebundle.com says:
curl: (35) Unknown SSL protocol error in connection to www.humblebundle.com:443
Looking at the stack trace from a small C# program indicates that the problem occurs when reading from a socket during SSL authentication.
I am able to retrieve the site when connecting via the IP address and overriding the Host header. curl https://198.41.187.33 -k -H "Host: www.humblebundle.com" works just fine.
I noticed that if I leave out the -k flag, it reports that the certificate name received is in fact www.humblebundle.com
I have confirmed that this is not related my ISP, and it also works from a virtual machine connected to the network though the affected computer using NAT. DNS is behaving as expected. All signs point to the problem being on my machine.
The affected machine is running Windows 7 SP1.
What could the cause be, and how can I fix it?
Kendall Frey
Posted 2014-04-16T00:08:26.180
Reputation: 274
At least some versions of curl support only TLS 1.0 (https://bugzilla.redhat.com/show_bug.cgi?id=1042989), while Humble Bundle's certificate requires TLS 1.2.
– ChrisInEdmonton – 2014-04-16T00:20:56.027@ChrisInEdmonton That doesn't explain the fact that it also fails in the browser and with .NET's HTTP request object. – Kendall Frey – 2014-04-16T00:36:27.670
There are so many things where this can break. If it breaks with curl, browser and .NET I assume that curl is compiled with support for using the windows specific crypto engine. If it works with using the IP address but not the hostname it is probably related to using the SNI extension (server name indication). More information are possible if you would do a packet capture of the connection attempt (e.g. wireshark). – Steffen Ullrich – 2014-04-16T05:17:18.223