SSL cipher error with curl
I am trying to grab a webpage with curl
$ curl -k https://1.1.1.1/login.html
curl: (35) error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned
The error means nothing to me. I have no problem downloading the webpage with firefox. How do I go about debugging the issue?
$ curl -V
curl 7.53.1 (x86_64-pc-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k zlib/1.2.11 libpsl/0.17.0 (+libicu/58.2) libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy PSL
curl ssl
asked May 3 '17 at 13:23
StrongBad
2,16962654
|
show 1 more comment
I am trying to grab a webpage with curl
$ curl -k https://1.1.1.1/login.html
curl: (35) error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned
The error means nothing to me. I have no problem downloading the webpage with firefox. How do I go about debugging the issue?
$ curl -V
curl 7.53.1 (x86_64-pc-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k zlib/1.2.11 libpsl/0.17.0 (+libicu/58.2) libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy PSL
curl ssl
asked May 3 '17 at 13:23
StrongBad
2,16962654
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
1
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@StrongBad: if it used to work and still works with a current Firefox trycurl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.
– Steffen Ullrich
May 3 '17 at 15:40
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installedopenssl ciphers -v | grep DES. I am using Arch.
– StrongBad
May 3 '17 at 15:58
|
show 1 more comment
I am trying to grab a webpage with curl
$ curl -k https://1.1.1.1/login.html
curl: (35) error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned
The error means nothing to me. I have no problem downloading the webpage with firefox. How do I go about debugging the issue?
$ curl -V
curl 7.53.1 (x86_64-pc-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k zlib/1.2.11 libpsl/0.17.0 (+libicu/58.2) libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy PSL
curl ssl
asked May 3 '17 at 13:23
StrongBad
2,16962654
I am trying to grab a webpage with curl
$ curl -k https://1.1.1.1/login.html
curl: (35) error:14092105:SSL routines:ssl3_get_server_hello:wrong cipher returned
The error means nothing to me. I have no problem downloading the webpage with firefox. How do I go about debugging the issue?
$ curl -V
curl 7.53.1 (x86_64-pc-linux-gnu) libcurl/7.53.1 OpenSSL/1.0.2k zlib/1.2.11 libpsl/0.17.0 (+libicu/58.2) libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy PSL
curl ssl
curl ssl
asked May 3 '17 at 13:23
StrongBad
2,16962654
asked May 3 '17 at 13:23
StrongBad
2,16962654
asked May 3 '17 at 13:23
StrongBad
2,16962654
asked May 3 '17 at 13:23
StrongBad
2,16962654
asked May 3 '17 at 13:23
StrongBad
2,16962654
2,16962654
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
1
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@StrongBad: if it used to work and still works with a current Firefox trycurl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.
– Steffen Ullrich
May 3 '17 at 15:40
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installedopenssl ciphers -v | grep DES. I am using Arch.
– StrongBad
May 3 '17 at 15:58
|
show 1 more comment
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
1
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@StrongBad: if it used to work and still works with a current Firefox trycurl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.
– Steffen Ullrich
May 3 '17 at 15:40
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installedopenssl ciphers -v | grep DES. I am using Arch.
– StrongBad
May 3 '17 at 15:58
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
1
1
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@StrongBad: if it used to work and still works with a current Firefox try
curl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.– Steffen Ullrich
May 3 '17 at 15:40
@StrongBad: if it used to work and still works with a current Firefox try
curl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.– Steffen Ullrich
May 3 '17 at 15:40
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installed
openssl ciphers -v | grep DES. I am using Arch.– StrongBad
May 3 '17 at 15:58
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installed
openssl ciphers -v | grep DES. I am using Arch.– StrongBad
May 3 '17 at 15:58
|
show 1 more comment
4 Answers
4
active
oldest
votes
Please refer: https://stackoverflow.com/questions/34176433/lwp-iosocketssl-fails-with-ssl3-get-server-hellowrong-cipher-returned
You should check SSL, is it using IP or hostname? if it is using hostname best to use hostname instead of IP.
edited May 23 '17 at 12:40
Community♦
1
answered May 3 '17 at 13:40
Eric Zhang
664
add a comment |
Since I could connect to the server with Firefox, I added the CipherFox add-on. This allowed me to determine the cipher used by Firefox when connecting. In my case it was the cipher was TLS_RSA_WITH_AES_256_CBC_SHA. A little Googling led me to a list of ciphers that suggests that TLS_RSA_WITH_AES_256_CBC_SHA is AES256-SHA. I then simply ahd to tell curl to use the new cipher
curl --ciphers AES256-SHA -k https://1.1.1.1/login.html
As this is a public wifi login portal, I am not worried about security. If you are worried about security, you should probably make sure the cipher you are using is appropriate.
answered May 3 '17 at 18:20
StrongBad
2,16962654
add a comment |
SSL is a complex protocol with many options. The client and the server need to negociate to select compatible options. This is made especially difficult because one of the objectives of SSL is to protect against a man-in-the-middle attack and one of the possible methods of attack is to perturb the negociation — which has to happen before secure communication is established — in order to force insecure parameters.
SSLv3 is an obsolete version of the protocol. Today TLS 1.2 is preferred, 1.0 is ok (as is 1.1, but it's rare in practice). If the negociation goes down to SSLv3, either the server is seriously outdated or something went wrong (probably because the server is badly configured).
A useful tool to get more information about what's going on is Wireshark. Tell it to record TCP traffic to 1.1.1.1 on port 443 with the filter host 1.1.1.1 and port 443. Wireshark should automatically detect the connection as SSL and will display a detailed analysis of each message. In the SSL connection, the client first sends a “client hello” message which indicates what settings it supports, and the server replies with a “server hello” that makes a selection among the client's supported settings. Here it seems that the server has selected something that the client doesn't support, causing a protocol downgrade.
answered May 4 '17 at 6:59
Gilles
528k12810581583
add a comment |
curl -d "submit=accept&buttonClicked=4&err_flag=0&network_name=Guest%20Network" --ciphers AES256-SHA -k -X POST https://1.1.1.1/login.html
answered Dec 18 '18 at 19:20
MoreBrackets
1
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f362840%2fssl-cipher-error-with-curl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Please refer: https://stackoverflow.com/questions/34176433/lwp-iosocketssl-fails-with-ssl3-get-server-hellowrong-cipher-returned
You should check SSL, is it using IP or hostname? if it is using hostname best to use hostname instead of IP.
edited May 23 '17 at 12:40
Community♦
1
answered May 3 '17 at 13:40
Eric Zhang
664
add a comment |
Please refer: https://stackoverflow.com/questions/34176433/lwp-iosocketssl-fails-with-ssl3-get-server-hellowrong-cipher-returned
You should check SSL, is it using IP or hostname? if it is using hostname best to use hostname instead of IP.
edited May 23 '17 at 12:40
Community♦
1
answered May 3 '17 at 13:40
Eric Zhang
664
add a comment |
Please refer: https://stackoverflow.com/questions/34176433/lwp-iosocketssl-fails-with-ssl3-get-server-hellowrong-cipher-returned
You should check SSL, is it using IP or hostname? if it is using hostname best to use hostname instead of IP.
edited May 23 '17 at 12:40
Community♦
1
answered May 3 '17 at 13:40
Eric Zhang
664
Please refer: https://stackoverflow.com/questions/34176433/lwp-iosocketssl-fails-with-ssl3-get-server-hellowrong-cipher-returned
You should check SSL, is it using IP or hostname? if it is using hostname best to use hostname instead of IP.
edited May 23 '17 at 12:40
Community♦
1
answered May 3 '17 at 13:40
Eric Zhang
664
edited May 23 '17 at 12:40
Community♦
1
edited May 23 '17 at 12:40
Community♦
1
edited May 23 '17 at 12:40
Community♦
1
1
answered May 3 '17 at 13:40
Eric Zhang
664
answered May 3 '17 at 13:40
Eric Zhang
664
answered May 3 '17 at 13:40
Eric Zhang
664
664
add a comment |
add a comment |
Since I could connect to the server with Firefox, I added the CipherFox add-on. This allowed me to determine the cipher used by Firefox when connecting. In my case it was the cipher was TLS_RSA_WITH_AES_256_CBC_SHA. A little Googling led me to a list of ciphers that suggests that TLS_RSA_WITH_AES_256_CBC_SHA is AES256-SHA. I then simply ahd to tell curl to use the new cipher
curl --ciphers AES256-SHA -k https://1.1.1.1/login.html
As this is a public wifi login portal, I am not worried about security. If you are worried about security, you should probably make sure the cipher you are using is appropriate.
answered May 3 '17 at 18:20
StrongBad
2,16962654
add a comment |
Since I could connect to the server with Firefox, I added the CipherFox add-on. This allowed me to determine the cipher used by Firefox when connecting. In my case it was the cipher was TLS_RSA_WITH_AES_256_CBC_SHA. A little Googling led me to a list of ciphers that suggests that TLS_RSA_WITH_AES_256_CBC_SHA is AES256-SHA. I then simply ahd to tell curl to use the new cipher
curl --ciphers AES256-SHA -k https://1.1.1.1/login.html
As this is a public wifi login portal, I am not worried about security. If you are worried about security, you should probably make sure the cipher you are using is appropriate.
answered May 3 '17 at 18:20
StrongBad
2,16962654
add a comment |
Since I could connect to the server with Firefox, I added the CipherFox add-on. This allowed me to determine the cipher used by Firefox when connecting. In my case it was the cipher was TLS_RSA_WITH_AES_256_CBC_SHA. A little Googling led me to a list of ciphers that suggests that TLS_RSA_WITH_AES_256_CBC_SHA is AES256-SHA. I then simply ahd to tell curl to use the new cipher
curl --ciphers AES256-SHA -k https://1.1.1.1/login.html
As this is a public wifi login portal, I am not worried about security. If you are worried about security, you should probably make sure the cipher you are using is appropriate.
answered May 3 '17 at 18:20
StrongBad
2,16962654
Since I could connect to the server with Firefox, I added the CipherFox add-on. This allowed me to determine the cipher used by Firefox when connecting. In my case it was the cipher was TLS_RSA_WITH_AES_256_CBC_SHA. A little Googling led me to a list of ciphers that suggests that TLS_RSA_WITH_AES_256_CBC_SHA is AES256-SHA. I then simply ahd to tell curl to use the new cipher
curl --ciphers AES256-SHA -k https://1.1.1.1/login.html
As this is a public wifi login portal, I am not worried about security. If you are worried about security, you should probably make sure the cipher you are using is appropriate.
answered May 3 '17 at 18:20
StrongBad
2,16962654
answered May 3 '17 at 18:20
StrongBad
2,16962654
answered May 3 '17 at 18:20
StrongBad
2,16962654
answered May 3 '17 at 18:20
StrongBad
2,16962654
2,16962654
add a comment |
add a comment |
SSL is a complex protocol with many options. The client and the server need to negociate to select compatible options. This is made especially difficult because one of the objectives of SSL is to protect against a man-in-the-middle attack and one of the possible methods of attack is to perturb the negociation — which has to happen before secure communication is established — in order to force insecure parameters.
SSLv3 is an obsolete version of the protocol. Today TLS 1.2 is preferred, 1.0 is ok (as is 1.1, but it's rare in practice). If the negociation goes down to SSLv3, either the server is seriously outdated or something went wrong (probably because the server is badly configured).
A useful tool to get more information about what's going on is Wireshark. Tell it to record TCP traffic to 1.1.1.1 on port 443 with the filter host 1.1.1.1 and port 443. Wireshark should automatically detect the connection as SSL and will display a detailed analysis of each message. In the SSL connection, the client first sends a “client hello” message which indicates what settings it supports, and the server replies with a “server hello” that makes a selection among the client's supported settings. Here it seems that the server has selected something that the client doesn't support, causing a protocol downgrade.
answered May 4 '17 at 6:59
Gilles
528k12810581583
add a comment |
SSL is a complex protocol with many options. The client and the server need to negociate to select compatible options. This is made especially difficult because one of the objectives of SSL is to protect against a man-in-the-middle attack and one of the possible methods of attack is to perturb the negociation — which has to happen before secure communication is established — in order to force insecure parameters.
SSLv3 is an obsolete version of the protocol. Today TLS 1.2 is preferred, 1.0 is ok (as is 1.1, but it's rare in practice). If the negociation goes down to SSLv3, either the server is seriously outdated or something went wrong (probably because the server is badly configured).
A useful tool to get more information about what's going on is Wireshark. Tell it to record TCP traffic to 1.1.1.1 on port 443 with the filter host 1.1.1.1 and port 443. Wireshark should automatically detect the connection as SSL and will display a detailed analysis of each message. In the SSL connection, the client first sends a “client hello” message which indicates what settings it supports, and the server replies with a “server hello” that makes a selection among the client's supported settings. Here it seems that the server has selected something that the client doesn't support, causing a protocol downgrade.
answered May 4 '17 at 6:59
Gilles
528k12810581583
add a comment |
SSL is a complex protocol with many options. The client and the server need to negociate to select compatible options. This is made especially difficult because one of the objectives of SSL is to protect against a man-in-the-middle attack and one of the possible methods of attack is to perturb the negociation — which has to happen before secure communication is established — in order to force insecure parameters.
SSLv3 is an obsolete version of the protocol. Today TLS 1.2 is preferred, 1.0 is ok (as is 1.1, but it's rare in practice). If the negociation goes down to SSLv3, either the server is seriously outdated or something went wrong (probably because the server is badly configured).
A useful tool to get more information about what's going on is Wireshark. Tell it to record TCP traffic to 1.1.1.1 on port 443 with the filter host 1.1.1.1 and port 443. Wireshark should automatically detect the connection as SSL and will display a detailed analysis of each message. In the SSL connection, the client first sends a “client hello” message which indicates what settings it supports, and the server replies with a “server hello” that makes a selection among the client's supported settings. Here it seems that the server has selected something that the client doesn't support, causing a protocol downgrade.
answered May 4 '17 at 6:59
Gilles
528k12810581583
SSL is a complex protocol with many options. The client and the server need to negociate to select compatible options. This is made especially difficult because one of the objectives of SSL is to protect against a man-in-the-middle attack and one of the possible methods of attack is to perturb the negociation — which has to happen before secure communication is established — in order to force insecure parameters.
SSLv3 is an obsolete version of the protocol. Today TLS 1.2 is preferred, 1.0 is ok (as is 1.1, but it's rare in practice). If the negociation goes down to SSLv3, either the server is seriously outdated or something went wrong (probably because the server is badly configured).
A useful tool to get more information about what's going on is Wireshark. Tell it to record TCP traffic to 1.1.1.1 on port 443 with the filter host 1.1.1.1 and port 443. Wireshark should automatically detect the connection as SSL and will display a detailed analysis of each message. In the SSL connection, the client first sends a “client hello” message which indicates what settings it supports, and the server replies with a “server hello” that makes a selection among the client's supported settings. Here it seems that the server has selected something that the client doesn't support, causing a protocol downgrade.
answered May 4 '17 at 6:59
Gilles
528k12810581583
answered May 4 '17 at 6:59
Gilles
528k12810581583
answered May 4 '17 at 6:59
Gilles
528k12810581583
answered May 4 '17 at 6:59
Gilles
528k12810581583
528k12810581583
add a comment |
add a comment |
curl -d "submit=accept&buttonClicked=4&err_flag=0&network_name=Guest%20Network" --ciphers AES256-SHA -k -X POST https://1.1.1.1/login.html
answered Dec 18 '18 at 19:20
MoreBrackets
1
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
add a comment |
curl -d "submit=accept&buttonClicked=4&err_flag=0&network_name=Guest%20Network" --ciphers AES256-SHA -k -X POST https://1.1.1.1/login.html
answered Dec 18 '18 at 19:20
MoreBrackets
1
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
add a comment |
curl -d "submit=accept&buttonClicked=4&err_flag=0&network_name=Guest%20Network" --ciphers AES256-SHA -k -X POST https://1.1.1.1/login.html
answered Dec 18 '18 at 19:20
MoreBrackets
1
curl -d "submit=accept&buttonClicked=4&err_flag=0&network_name=Guest%20Network" --ciphers AES256-SHA -k -X POST https://1.1.1.1/login.html
answered Dec 18 '18 at 19:20
MoreBrackets
1
answered Dec 18 '18 at 19:20
MoreBrackets
1
answered Dec 18 '18 at 19:20
MoreBrackets
1
answered Dec 18 '18 at 19:20
MoreBrackets
1
1
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
add a comment |
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
Hello and welcome to the U&L stack exchange site! Please review the Help Center to get information on how to best post to this site. To get to your answer, please edit your post to include additional context How does this answer the question? Please elaborate. Thank you!
– kemotep
Dec 18 '18 at 19:57
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f362840%2fssl-cipher-error-with-curl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
disablessl3.com
– Rui F Ribeiro
May 3 '17 at 13:42
1
The server you are trying to access is somewhat broken. Please provide the URL to the server (if it is public) to find out what exactly is broken with it.
– Steffen Ullrich
May 3 '17 at 15:28
@SteffenUllrich I didn't make up the 1.1.1.1 ip address :) While it is a public server, it is the wifi authentication gatekeeper so not remotely accessible. Potentially relevant information is that I used to be able to use curl to access the webpage. I am not sure when I last did it and what has been updated since then. The server could also have been updated.
– StrongBad
May 3 '17 at 15:33
@StrongBad: if it used to work and still works with a current Firefox try
curl --cipher DES-CBC3-SHA http://.... It might be that this cipher is disabled by default in your version of curl.– Steffen Ullrich
May 3 '17 at 15:40
@SteffenUllrich I get failed setting cipher list. It looks like I do not have that cipher installed
openssl ciphers -v | grep DES. I am using Arch.– StrongBad
May 3 '17 at 15:58