Skip to content
Browse files
BROOKLYN-588: add to troubleshooting for curl failure
  • Loading branch information
aledsage committed Jun 4, 2018
1 parent 55055c3 commit 093f483c133b856369afc2f7a7a2cdd9b1a74e4f
Showing 1 changed file with 24 additions and 0 deletions.
@@ -189,3 +189,27 @@ traffic filtering such as child-safe type filtering:

To resolve this try disabling traffic filtering and setting your DNS to a public server such as to use google
[DNS]( [See here]( for details on how to configure this.

## Download with Curl Fails on CentOS 7.0 due to TLS Negotiation

When downloading an install artifact with Curl, using CentOS 7.0, one can get the failure shown below:

curl: (35) Peer reports incompatible or unsupported protocol version.

This can be caused by incompatible TLS negotiation with the web server (e.g. with github). For more details, see
[Red Hat bug 1170339, "use the default min/max TLS version provided by NSS [RHEL-7]"](

To confirm this is the issue, try running the failing curl command on the same machine with `curl -v` for verbose output.
You should see a more detailed error such as:

Cannot communicate securely with peer: no common encryption algorithm(s).
Closing connection 1

Possible workarounds include:

1. Use a more recent version of CentOS. On AWS, a good choice is the most recent image from the
[AWS marketplace]( However, this involves first subscribing to it in the marketplace. The Amazon Linux AMI is another good choice, but this is not a normal CentOS image so it depends what distro(s) the entity was developed/tested against.

2. Change your blueprint to first do `sudo yum update -y curl nss`, before the curl command is executed.

0 comments on commit 093f483

Please sign in to comment.