
libcurl with OpenSSL reports error "CURL ERROR Unknown SSL protocol error in connection to" #1300

Closed
gnanagurun opened this issue Mar 1, 2017 · 7 comments

Comments


gnanagurun commented Mar 1, 2017

I did this

When libcurl connects to the Tomcat server, I'm seeing this error sometimes. libcurl returns error code 35 and the error message says "CURL ERROR Unknown SSL protocol error in connection to server:443". Both server and client are using the SSL protocol versions TLSv1, TLSv1.1 and TLSv1.2. On the client side, I have set libcurl to prefer TLSv1: curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1). On the server side, Tomcat is enabled with the SSL protocols TLSv1,TLSv1.1,TLSv1.2.

I expected the following

curl/libcurl version

Libcurl version is 7.52.1. The OpenSSL version is 1.1.0d

operating system

Linux (CentOS)


jay commented Mar 1, 2017

What is the curl_version()? What makes you think this is a bug in libcurl? Did you wireshark it?

jay added the needs-info label Mar 1, 2017
gnanagurun (Author) commented

Curl version is 7.52.1. The OpenSSL version is 1.1.0d. This error is not consistent but occurs sometimes. To be frank, I'm yet to conclude if this is really a bug in libcurl. Debugging is in progress. But my suspicion is that the cipher may differ between client and server.


jay commented Mar 17, 2017

Any update on this? Is it related to #1316 perhaps?

gnanagurun (Author) commented

Thanks Jay. Will look into ticket #1316 and update you. Since this error occurs very rarely, I couldn't capture the wireshark trace for debugging. Also I'm looking at adding error codes to OpenSSL from an external library, which would help to narrow down this issue deeper.

gnanagurun (Author) commented

The solution for #1316 says to include the 3DES cipher as per the RFC. But if this were really the root cause of the issue I reported (#1300), then this error would always be reproducible. The error I reported does not occur consistently but rarely. Are any error codes available to be included in libcurl for OpenSSL? This error comes under "untreated error" in libcurl (lib/vtls/openssl.c).

jay removed the needs-info label Mar 22, 2017

jay commented Mar 22, 2017

The "untreated error" section first attempts to get the error from OpenSSL using ERR_get_error, but if it returns 0 then you'll end up with the unknown SSL protocol error message.

It's possible that there may be multiple servers and some have algorithms in common with your client and some don't. So your initial suspicion that they may not share ciphers could be correct. Without the wireshark trace I don't have more to say. The server may just be overloaded.

I'm closing this for now, if you get any information that points to libcurl as the issue then reopen.

jay closed this as completed Mar 22, 2017
jay added a commit to jay/curl that referenced this issue Mar 22, 2017
- If SSL_get_error is called but no extended error detail is available
  then show that SSL_ERROR_* as a string.

Prior to this change there was some inconsistency in that case: the
SSL_ERROR_* code may or may not have been shown, or may have been shown
as unknown even if it was known.

Ref: curl#1300

Closes #xxxx

jay commented Mar 22, 2017

I have changed the unknown error message on SSL_connect to use the error code returned by SSL_get_error as a fallback when ERR_get_error doesn't return an error code. Please see PR #1348.

jay added a commit that referenced this issue Mar 23, 2017
- If SSL_get_error is called but no extended error detail is available
  then show that SSL_ERROR_* as a string.

Prior to this change there was some inconsistency in that case: the
SSL_ERROR_* code may or may not have been shown, or may have been shown
as unknown even if it was known.

Ref: #1300

Closes #1348