Karl Dahlke wrote on Mon, Sep 02, 2019: > > I do not exactly understand your 'gnutls' vs 'openssl'... > > Guess what, neither do I. > We convinced ourselves a year ago that was the problem, but ldd clearly shows > my curl linking to openssl, and > curl https://weloveanimals.me > fails on my machine; I switch to another machine, still curl + openssl, and > it works. > So we still don't understand it at all. > I wish we did.
Hmm, I thought it could be that debian raised the minimum tls version in /etc/ssl/openssl.cnf a year ago or two (MinProtocol = TLSv1.2 in [system_default_sect] section of the file), but that website appears to support older protocols as well if I try to force these with the openssl s_client command... I can connect to it just fine using gnutls-cli as well so it might be something specific to a precise version of debian (tested on a recent-ish buster). Possibly the certificate authority (CA) that this website uses is not bundled by debian? But then I don't see what rebuilding curl would help you with in that case, Kevin might have had a different issue that needed him to rebuild curl. -- Dominique
