On Thu, Feb 19, 2026 at 1:08 AM Daniel Santos via curl-users < [email protected]> wrote:
> Hi, > > I have a Jetty Java application server configured with SSL/TLS in which > one of the versions it does is TLS v1.3. > It runs on Java 17 graalvm-ce-17. > > This is the output of the version command on the curl I am using (MacOS X > Tahoe, home-brew version) > > dlsa@besta facialrecognition % /opt/homebrew/opt/curl/bin/curl -V > curl 8.18.0 (aarch64-apple-darwin25.2.0) libcurl/8.18.0 OpenSSL/3.6.1 > zlib/1.2.12 brotli/1.2.0 zstd/1.5.7 AppleIDN libssh2/1.11.1 nghttp2/1.68.0 > ngtcp2/1.20.0 nghttp3/1.15.0 mit-krb5/1.7-prerelease OpenLDAP/2.4.28/Apple > Release-Date: 2026-01-07 > Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs > ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet > tftp ws wss > Features: alt-svc AppleSecTrust AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 > HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL threadsafe > TLS-SRP UnixSockets zstd > > The command I run is : > > dlsa@besta facialrecognition % /opt/homebrew/opt/curl/bin/curl > --trace-ascii httpreq.log --tlsv1.3 --cacert > jettyhttpscerts/jettyhttpscertbundle.pem ' > https://localhost:9433/auth/authorize' > curl: (35) TLS connect error: error:0A000126:SSL routines::unexpected eof > while reading > > The contents of the call’s log file is attached. > > In the log file there is the last bit that is sent before the disconnect : > > => Send SSL data, 5 bytes (0x5) > 0000: ..... > * TLSv1.3 (OUT), TLS alert, decode error (562): > > Which I suspected that, because the java server has a certificate signed > through a CA certificate that I generated, > Curl needs the option --cacert jettyhttpscerts/jettyhttpscertbundle.pem to > tell it to use the certificate in the trust chain > That is coming from the server. > > If not it will throw the decode error. That was what was happening also > before I put the —caret option. > But with the option I get the same error. > So I am not sure if its related to the server certificate being generated > by me. > > Could anyone shed some light into this ? It sounds like (to me) the server at localhost:9433 is _not_ serving pages over TLS. The TLS handshake is not occuring, and ASCII data from http is being served. Can you connect to localhost:9433 using https with a browser? Jeff
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
