Hi, I have a Jetty Java application server configured with SSL/TLS in which one of the versions it does is TLS v1.3. It runs on Java 17 graalvm-ce-17.
This is the output of the version command on the curl I am using (MacOS X Tahoe, home-brew version) dlsa@besta facialrecognition % /opt/homebrew/opt/curl/bin/curl -V curl 8.18.0 (aarch64-apple-darwin25.2.0) libcurl/8.18.0 OpenSSL/3.6.1 zlib/1.2.12 brotli/1.2.0 zstd/1.5.7 AppleIDN libssh2/1.11.1 nghttp2/1.68.0 ngtcp2/1.20.0 nghttp3/1.15.0 mit-krb5/1.7-prerelease OpenLDAP/2.4.28/Apple Release-Date: 2026-01-07 Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss Features: alt-svc AppleSecTrust AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd The command I run is : dlsa@besta facialrecognition % /opt/homebrew/opt/curl/bin/curl --trace-ascii httpreq.log --tlsv1.3 --cacert jettyhttpscerts/jettyhttpscertbundle.pem 'https://localhost:9433/auth/authorize' curl: (35) TLS connect error: error:0A000126:SSL routines::unexpected eof while reading The contents of the call’s log file is attached. In the log file there is the last bit that is sent before the disconnect : => Send SSL data, 5 bytes (0x5) 0000: ..... * TLSv1.3 (OUT), TLS alert, decode error (562): Which I suspected that, because the java server has a certificate signed through a CA certificate that I generated, Curl needs the option --cacert jettyhttpscerts/jettyhttpscertbundle.pem to tell it to use the certificate in the trust chain That is coming from the server. If not it will throw the decode error. That was what was happening also before I put the —caret option. But with the option I get the same error. So I am not sure if its related to the server certificate being generated by me. Could anyone shed some light into this ? Thanks, Regards
httpreq.log
Description: Binary data
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
