I'm trying to curl the https website in the following way
$ curl -v https://thepiratebay.se/
However it fails with the error.
* About to connect() to thepiratebay.se port 443 (#0) * Trying 220.127.116.11... * connected * Connected to thepiratebay.se (18.104.22.168) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS alert, Server hello (2): * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure * Closing connection #0 curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
--insecure or adding
insecure to my
~/.curlrc doesn't make any difference.
How do I ignore or force the certificate using
curl command line?
wget seems to work fine. Also works when testing with
openssl as below.
$ openssl s_client -connect thepiratebay.se:443 CONNECTED(00000003) SSL handshake has read 2651 bytes and written 456 bytes New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA
I've got it
$ curl --version curl 7.28.1 (x86_64-apple-darwin10.8.0) libcurl/7.28.1 OpenSSL/0.9.8| zlib/1.2.5 libidn/1.17 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz
Some sites disable support for SSL 3.0 (possible because of many exploits/vulnerabilities), so it's possible to force specific SSL version by either
-L is worth a try if requested page has moved to a different location.
In my case it was a
curl bug ( found in OpenSSL ), so
curl needed to be upgraded to the latest version (>7.40) and it worked fine.