Le 2021-12-13 15:06, Cristian Rodríguez a écrit :
On Sun, Dec 12, 2021 at 4:24 PM Thierry Huchard via curl-library
<curl-library@lists.haxx.se> wrote:
But with "--tls-max 1.0" or "--tls-max 1.1", curl can connect to XK90.
With "--tls-max 1.2" and "--tls-max 1.3", curl returns the same error
described above
ok.. then curl_easy_setopt() CURL_SSLVERSION_TLSv1_1... either the
target system chokes with openssl's tls negotiation (i.e system is
hosed) or the most likely scenario is that opennsl refuses to offer
obsolete ciphersuites or imposes extra constraints when using tls 1.2.
Use the suggested workaround or contact the device manufacturer for a
firmware update.
I am the maintainer of the canon_pixma backend for Canon scanners, it is
based on Canon binary.
I opened a ticket with them, several months ago, here is the answer
received this morning:
//////////////////////// Canon Europe ///////////////////////////////
RE: Canon Developer Programme New Support Call 00763131
De Canon Developer Support
Date Aujourd’hui 11:38
Corps du courriel
Hi Thierry,
Unfortunately I have not been able to make any progress with your
questions.
Therefore I have to close the support call.
We are sorry we were unable to assist you on this occasion.
Best wishes,
Nick
//////////////////////// End Canon Europe
///////////////////////////////
Ask them to update a firmware, it will be complicated ...
I'll go with this workaround:
| static int proto_tls[] = {
| CURL_SSLVERSION_MAX_DEFAULT,
| CURL_SSLVERSION_MAX_TLSv1_3,
| CURL_SSLVERSION_MAX_TLSv1_2,
| CURL_SSLVERSION_MAX_TLSv1_1,
| CURL_SSLVERSION_MAX_TLSv1_0,
| -1
| };
|
| static int
| escl_tls_protocol_supported(char *url, int proto)
| {
| CURLcode res = CURLE_UNSUPPORTED_PROTOCOL;
| CURL *curl = curl_easy_init();
| if(curl) {
| curl_easy_setopt(curl, CURLOPT_URL, url);
|
| /* ask libcurl to use TLS version 1.0 or later */
| curl_easy_setopt(curl, CURLOPT_SSLVERSION, proto);
| curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
| curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
| curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
| curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 3L);
| /* Perform the request */
| res = curl_easy_perform(curl);
| curl_easy_cleanup(curl);
| }
| return res;
| }
|
| static int
| escl_is_tls(char * url)
| {
| int tls_version = 0;
| if(!strcmp(type, "_uscans._tcp") ||
| !strcmp(type, "https"))
| {
| while(proto_tls[tls_version] != -1)
| {
| if (escl_tls_protocol_supported(url,
proto_tls[tls_version]) == CURLE_OK)
| {
| DBG(10, "curl tls compatible (%d)\n",
proto_tls[tls_version]);
| break;
| }
| tls_version++;
| }
| if (proto_tls[tls_version] == -1)
| return 0;
| }
| return tls_version;
| }
|
Thank you all for your answers!
Thierry
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
