Tell me the best way to fix a curl sslv3 alert?
I'm trying to curl the https website in the following way
$ curl -v https://thepiratebay.se/
However it fails with the error.
* About to connect() to thepiratebay.se port 443 (#0)
* Trying 173.245.61.146...
* connected
* Connected to thepiratebay.se (173.245.61.146) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Using -k
/ --insecure
or adding insecure
to my ~/.curlrc
doesn't make any difference.
How do I ignore or force the certificate using curl
command line?
When using wget
seems to work fine. Also works when testing with openssl
as below.
$ openssl s_client -connect thepiratebay.se:443
CONNECTED(00000003)
SSL handshake has read 2651 bytes and written 456 bytes
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
I've got it
$ curl --version
curl 7.28.1 (x86_64-apple-darwin10.8.0) libcurl/7.28.1 OpenSSL/0.9.8| zlib/1.2.5 libidn/1.17
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz
Best Answer
Some sites disable support for SSL 3.0 (possible because of many exploits/vulnerabilities), so it's possible to force specific SSL version by either -2
/--sslv2
or -3
/--sslv3
.
Also -L
is worth a try if requested page has moved to a different location.
In my case it was a curl
bug ( found in OpenSSL ), so curl
needed to be upgraded to the latest version (>7.40) and it worked fine.
See also.