$ curl --ciphers ALL -v https://216.121.28.78:443/
* Hostname was NOT found in DNS cache
*   Trying 216.121.28.78...
* Connected to 216.121.28.78 (216.121.28.78) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 216.121.28.78:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 216.121.28.78:443

$ curl --ciphers ALL -1 -v https://216.121.28.78:443/
* Hostname was NOT found in DNS cache
*   Trying 216.121.28.78...
* Connected to 216.121.28.78 (216.121.28.78) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 216.121.28.78:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 216.121.28.78:443

So here I receive the message I was originally told of - unknown ssl protocol error

Checking on the REAL:

$ curl --ciphers ALL -1 -v https://216.121.17.252:443/
* Hostname was NOT found in DNS cache
*   Trying 216.121.17.252...
* Connected to 216.121.17.252 (216.121.17.252) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
*   subject: C=US; ST=Texas; L=Dallas; O=ARTIZONE INC.; CN=*.artizone.com
*   start date: 2013-11-26 20:13:29 GMT
*   expire date: 2014-12-11 18:39:42 GMT
* SSL: certificate subject name '*.artizone.com' does not match target host name '216.121.17.252'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name '*.artizone.com' does not match target host name '216.121.17.252'

Looks like it shakes hands fine... I expect to see the message about the subject name... so that's OK.

Per the two outputs, looks like it breaks at the server hello -- in this case that'd be haproxy I'm guessing.

- Brian Menges
DevOps Architect @ GoGrid, LLC.

-----Original Message-----
From: Cyril Bonté [mailto:[email protected]]
Sent: Tuesday, November 18, 2014 2:49 PM
To: Brian Menges; [email protected]
Subject: Re: debugging ssl passthrough+haproxy

Hi Brian,

On 18/11/2014 20:12, Brian Menges wrote:
> $ curl --ssl --ciphers ALL -v 216.121.28.78:443

First issue here, please prefix your URL with https://
Otherwise curl will try to send plain HTTP on port 443.

But I think there are other issues, I'll reply to your last mail.

--
Cyril Bonté

