On Thursday 25 February 2016 11:12:20 cnm marketing wrote: > Yes, we tried both with no luck - > > CURLOPT_SSLVERSION: CURL_SSLVERSION_DEFAULT, CURL_SSLVERSION_TLSv1, > CURL_SSLVERSION_SSLv2 > and CURL_SSLVERSION_SSLv3 > CURLOPT_SSL_CIPHER_LIST: tried all the cipher returned from "openssl > ciphers 'ALL:eNULL'"
The cipher-suite identifiers used by OpenSSL are incompatible with the identifiers used by NSS. Please check which cipher-suite exactly is used in the working case and try to look it up in the following table: https://github.com/curl/curl/blob/64fa3b8d/lib/vtls/nss.c#L104 Is the server in question available anywhere for testing? Kamil > In addition, we are using the following nss-softokn-freebl > [root]# rpm -qa |grep nss-softokn > nss-softokn-3.14.3-10.el6_5.x86_64 > nss-softokn-freebl-3.14.3-3.el6_4.i686 > nss-softokn-freebl-3.14.3-3.el6_4.x86_64 > > On Thu, Feb 25, 2016 at 10:00 AM, Kamil Dudka <[email protected]> wrote: > > On Thursday 25 February 2016 09:15:37 cnm marketing wrote: > > > Hi, > > > > > > We use two different ports to do libcurl operations on "CentOS release > > > > 6.6 > > > > > (Final)". > > > > > > In an internal port A, with "CURLOPT_VERBOSE" on, we got this message "* > > > Initializing NSS with certpath: sql:/etc/pki/nssdb" when using url > > > "https://xxxx.aaa.com:portA";, then program hangs. However, it works if > > > > we > > > > > change "https" to "http". In addition, we try "openssl s_client -cipher > > > ...." to get cipher information via port A, it fails (timeout) for all > > > > the > > > > > cipher returned from "openssl ciphers 'ALL:eNULL' ....". > > > > > > In another port B, it works for both "https" and "http". When using > > > > openssl > > > > > to get cipher info. it also works fine. > > > > > > > > > Thanks, > > > cnm > > > > Have you tried to switch the SSL version and/or enabled cipher-suites? > > > > OpenSSL and NSS have different default configuration from each other. > > > > Please have a look at the following options: > > > > https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html > > https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html > > > > Kamil ------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
