curl --tlsv1.3 doesn't seem to use tls1.3 #4928

Closed
Acenl12 opened this issue Feb 14, 2020 · 2 comments

Acenl12 commented Feb 14, 2020

When running curl --tlsv1.3 it doesn't seem to use tls 1.3. It does make a connection, but the test fails. See below for a site which supports tls 1.3 for sure and the test.

curl --tlsv1.3 https://www.vevida.com -v
* Rebuilt URL to: https://www.vevida.com/
*   Trying 77.94.249.204...
* TCP_NODELAY set
* Connected to www.vevida.com (77.94.249.204) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: serialNumber=02079565; jurisdictionC=NL; businessCategory=Private Organization; C=NL; postalCode=9727 DL; ST=Groningen; L=Groningen; street=Rozenburglaan 3; O=Vevida B.V.; OU=Vevida; CN=vevida.com
*  start date: Jan 22 00:00:00 2020 GMT
*  expire date: Feb 20 23:59:59 2020 GMT
*  subjectAltName: host "www.vevida.com" matched cert's "www.vevida.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Extended Validation Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x558e89332580)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/2
> Host: www.vevida.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 301
< date: Fri, 14 Feb 2020 19:50:41 GMT
< server: Apache
< strict-transport-security: max-age=15768000
< content-security-policy: default-src data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss://*.chatlio.com wss://ws.pusherapp.com
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< referrer-policy: no-referrer-when-downgrade
< set-cookie: taal=nl; expires=Mon, 11-Feb-2030 19:50:41 GMT; Max-Age=315360000; path=/; domain=.vevida.com
< content-type: text/html; charset=UTF-8
< x-redirect-by: WordPress
< location: https://vevida.com/
< cache-control: max-age=604800
< expires: Fri, 21 Feb 2020 19:50:41 GMT
<
* Connection #0 to host www.vevida.com left intact

curl -V
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

jay added the TLS label Feb 14, 2020

jay commented Feb 14, 2020

> It does make a connection, but the test fails. See below for a site which supports tls 1.3 for sure and the test.

? Looks like TLS 1.3 to me. What is the test?

bagder commented Feb 16, 2020

The output shows TLS 1.3 fine.

bagder closed this as completed Feb 16, 2020
lock bot locked as resolved and limited conversation to collaborators May 20, 2020
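
Added example, not part of the original thread or of curl itself: a shell check that reads `curl -v` output and reports the negotiated protocol from the `SSL connection using` line seen in the log above, regardless of how individual handshake records are labelled in the trace. The function names and the TLSv1.2 log are constructed for illustration; the TLSv1.3 sample lines are copied from the issue.

```shell
#!/bin/sh
# Print "<protocol> <cipher>" taken from curl -v output on stdin.
# Only the "SSL connection using" summary line is consulted; the
# per-record "TLS handshake" / "TLS Unknown" trace lines are ignored.
negotiated_tls() {
    sed -n 's|^\* SSL connection using \([^ ]*\) / \([^ ]*\).*$|\1 \2|p' | head -n 1
}

# Exit 0 only if the negotiated protocol on stdin equals $1 (e.g. TLSv1.3).
# A log with no summary line (handshake never completed) fails the check.
assert_tls_version() {
    want=$1
    got=$(negotiated_tls | cut -d' ' -f1)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Sample input: lines copied from the verbose output in this issue.
sample_log() {
cat <<'EOF'
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
EOF
}

# Constructed counter-example: a session that negotiated TLS 1.2.
tls12_log() {
cat <<'EOF'
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
EOF
}

sample_log | negotiated_tls
if sample_log | assert_tls_version TLSv1.3; then
    echo "TLS 1.3 negotiated"
fi
```

Against a live host, feed it the trace with `curl --tlsv1.3 -sv -o /dev/null https://example.com 2>&1 | assert_tls_version TLSv1.3`, where `example.com` is a placeholder.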