I used the curl library C API to request an HTTPS URL, but got an "Empty reply from server" error. So I used the standard curl command to request the same URL, and got the correct result. I noticed that a major difference in the dumped information is that a different cipher algorithm is used. So I changed my code to set RC4-MD5 in the cipher list, and the request now succeeds.
I don't feel I have perfectly fixed the problem, since this is a bit like hard-coding. Is there an automatic way to let curl negotiate and choose the proper cipher method? Thanks for your advice.

I have listed 3 message dumps below: (1) My initial program dump (failed); (2) Standard curl command dump (successful); (3) Changed program dump (successful).

##################################################
(1) My initial program dump (failed)

Rebuilt URL to: https://Loadtech.etdatacenter.com/
Hostname was NOT found in DNS cache
Trying 69.48.209.242...
Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
successfully set certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.0 / DES-CBC3-SHA
Server certificate:
subject: C=US; ST=Pennsylvania; L=Pittsburgh; O=Express Technologies; OU=Data Center; CN=loadtech.etdatacenter.com
start date: 2014-03-28 00:00:00 GMT
expire date: 2016-04-22 23:59:59 GMT
issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA
SSL certificate verify ok.
GET / HTTP/1.1
Host: Loadtech.etdatacenter.com
Accept: */*
Accept-Language: en-us
Referer: http://www.hyperspin.com/monitored-by-user-dbrand
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; www.xxx.com username dbrand)
Empty reply from server
Connection #0 to host Loadtech.etdatacenter.com left intact

##############################################################
(2) Standard Curl command dump (successful)

curl -v https://Loadtech.etdatacenter.com
* About to connect() to Loadtech.etdatacenter.com port 443 (#0)
* Trying 69.48.209.242... connected
* Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: CN=loadtech.etdatacenter.com,OU=Data Center,O=Express Technologies,L=Pittsburgh,ST=Pennsylvania,C=US
* start date: Mar 28 00:00:00 2014 GMT
* expire date: Apr 22 23:59:59 2016 GMT
* common name: loadtech.etdatacenter.com
* issuer: CN=Thawte SSL CA,O="Thawte, Inc.",C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: Loadtech.etdatacenter.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 15 Jun 2014 13:10:35 GMT
< Server: Microsoft-IIS/6.0
< Content-Length: 239
< Content-Type: text/html
< Content-Location: https://loadtech.etdatacenter.com/WebInterface.htm
< Last-Modified: Fri, 11 Apr 2008 17:06:45 GMT
< Accept-Ranges: bytes
< ETag: "6669ea6bf69bc81:7b4"
< X-Powered-By: ASP.NET
<
<!--
WebInterface.htm
Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
Web Interface 4.6.0.18291
-->
<script type="text/javascript">
<!--
window.location="/Citrix/AccessPlatform";
// -->
* Connection #0 to host Loadtech.etdatacenter.com left intact
* Closing connection #0

#######################################################
(3) Changed program dump (successful)

Rebuilt URL to: https://Loadtech.etdatacenter.com/
Hostname was NOT found in DNS cache
Trying 69.48.209.242...
Connected to Loadtech.etdatacenter.com (69.48.209.242) port 443 (#0)
successfully set certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.0 / RC4-MD5
Server certificate:
subject: C=US; ST=Pennsylvania; L=Pittsburgh; O=Express Technologies; OU=Data Center; CN=loadtech.etdatacenter.com
start date: 2014-03-28 00:00:00 GMT
expire date: 2016-04-22 23:59:59 GMT
issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA
SSL certificate verify ok.
GET / HTTP/1.1
Host: Loadtech.etdatacenter.com
Accept: */*
Accept-Language: en-us
Referer: http://www.hyperspin.com/monitored-by-user-dbrand
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; www.hyperspin.com username dbrand)
HTTP/1.1 200 OK
Date: Sun, 15 Jun 2014 13:09:43 GMT
Server Microsoft-IIS/6.0 is not blacklisted
Server: Microsoft-IIS/6.0
Content-Length: 239
Content-Type: text/html
Content-Location: https://loadtech.etdatacenter.com/WebInterface.htm
Last-Modified: Fri, 11 Apr 2008 17:06:45 GMT
Accept-Ranges: bytes
ETag: "6669ea6bf69bc81:7b4"
X-Powered-By: ASP.NET
<!--
WebInterface.htm
Copyright (c) 2000 - 2007 Citrix Systems, Inc. All Rights Reserved.
Web Interface 4.6.0.18291
-->
<script type="text/javascript">
<!--
window.location="/Citrix/AccessPlatform";
// -->
</script>
Connection #0 to host Loadtech.etdatacenter.com left intact

-- Woods
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
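The dump comparison the message describes, as an added example (not part of the original post and not curl project code): a C helper that extracts the negotiated cipher from a curl verbose dump, in either the OpenSSL-style or the NSS-style naming seen in the dumps, and flags legacy primitives in the suite name. The function names and flag constants are hypothetical; the sample lines in `main` are taken from dumps (1) and (2).

```c
#include <stdio.h>
#include <string.h>

/* Copy the negotiated cipher from a curl verbose dump into out.
 * Handles "SSL connection using TLSv1.0 / RC4-MD5" (OpenSSL naming) and
 * "SSL connection using SSL_RSA_WITH_RC4_128_MD5" (NSS naming).
 * Returns 1 on success, 0 if no such line exists or out is too small. */
int negotiated_cipher(const char *dump, char *out, size_t outlen)
{
    static const char key[] = "SSL connection using ";
    const char *p = strstr(dump, key);
    if (p == NULL)
        return 0;
    p += sizeof key - 1;
    size_t len = strcspn(p, "\r\n");
    /* OpenSSL-backend lines put "<protocol> / " before the cipher name. */
    for (size_t i = 0; i + 3 <= len; i++) {
        if (memcmp(p + i, " / ", 3) == 0) {
            p += i + 3;
            len -= i + 3;
            break;
        }
    }
    if (len == 0 || len >= outlen)
        return 0;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* Bit flags for legacy primitives named in a cipher suite (hypothetical names). */
enum { LEGACY_RC4 = 1, LEGACY_MD5 = 2, LEGACY_3DES = 4 };

int legacy_flags(const char *cipher)
{
    int f = 0;
    if (strstr(cipher, "RC4")) f |= LEGACY_RC4;
    if (strstr(cipher, "MD5")) f |= LEGACY_MD5;
    if (strstr(cipher, "DES-CBC3") || strstr(cipher, "3DES")) f |= LEGACY_3DES;
    return f;
}

int main(void)
{
    /* Lines taken from dumps (1) and (2) in the post. */
    const char *dumps[] = { "SSL connection using TLSv1.0 / DES-CBC3-SHA\n",
                            "* SSL connection using SSL_RSA_WITH_RC4_128_MD5\n" };
    char c[64];
    for (int i = 0; i < 2; i++)
        if (negotiated_cipher(dumps[i], c, sizeof c))
            printf("%s legacy_flags=%d\n", c, legacy_flags(c));
    return 0;
}
```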
