[curl 0005095]: curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
The following issue has been CLOSED == https://www.opencsw.org/mantis/view.php?id=5095 == Reported By:hudesd Assigned To:dam == Project:curl Issue ID: 5095 Category: regular use Reproducibility:always Severity: major Priority: normal Status: closed Resolution: open Fixed in Version: == Date Submitted: 2013-07-19 21:13 CEST Last Modified: 2013-12-14 17:37 CET == Summary:curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Description: Connecting to download from IBM mainframe via ftps gets the error curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Using the old Solaris SFWcurl 7.19.5 with old libssl 0.9.7 works. Using the Solaris 11 curl 7.21 with ssl 1.0.0 doesn't work either. The command line for connection, with username and password elided: /opt/csw/bin/curl --engine pkcs11 -R --trace-ascii /var/tmp/curl.log --disable-epsv --ssl-reqd -k -m 30 -l -G -u XXX:YYY ftp://nhpafts1:19003/FISAFMS/ Content /var/tmp/curl.log: == Info: set default crypto engine 'pkcs11' == Info: About to connect() to nhpafts1 port 19003 (https://www.opencsw.org/mantis/view.php?id=0) == Info: Trying 10.185.8.14... == Info: connected == Info: Connected to nhpafts1 (10.185.8.14) port 19003 (https://www.opencsw.org/mantis/view.php?id=0) = Recv header, 32 bytes (0x20) : 220 Server ready for new user. = Send header, 10 bytes (0xa) : AUTH SSL = Recv header, 38 bytes (0x26) : 234 Security data exchange complete. == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /opt/csw/ssl/certs == Info: SSLv3, TLS handshake, Client hello (1): = Send SSL data, 341 bytes (0x155) : ...Q..Q...G..~S..6..0..l...vQ0.,.(.$..!.k. 0040: j.9.8.2...*=.5./.+.'.#. 0080: g.@.3.2.E.D.1.-.).%/...A... 00c0: ..nhpafts1.fisa.nycnet...4.2 0100: .. 0140: . == Info: SSLv3, TLS handshake, Server hello (2): = Recv SSL data, 66 bytes (0x42) : .Q..._.8z.P.'o.q..!_.Y..Kb.'...cf...f)6...5... 0040: .. == Info: SSLv3, TLS alert, Server hello (2): = Send SSL data, 2 bytes (0x2) : .p == Info: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext == Info: Closing connection https://www.opencsw.org/mantis/view.php?id=0 == -- (0010669) dam (administrator) - 2013-12-14 17:37 https://www.opencsw.org/mantis/view.php?id=5095#c10669 -- No feedback, closing.
[bug-notifications] [curl 0005095]: curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
A NOTE has been added to this issue. == https://www.opencsw.org/mantis/view.php?id=5095 == Reported By:hudesd Assigned To:dam == Project:curl Issue ID: 5095 Category: regular use Reproducibility:always Severity: major Priority: normal Status: feedback == Date Submitted: 2013-07-19 21:13 CEST Last Modified: 2013-08-27 16:13 CEST == Summary:curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Description: Connecting to download from IBM mainframe via ftps gets the error curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Using the old Solaris SFWcurl 7.19.5 with old libssl 0.9.7 works. Using the Solaris 11 curl 7.21 with ssl 1.0.0 doesn't work either. The command line for connection, with username and password elided: /opt/csw/bin/curl --engine pkcs11 -R --trace-ascii /var/tmp/curl.log --disable-epsv --ssl-reqd -k -m 30 -l -G -u XXX:YYY ftp://nhpafts1:19003/FISAFMS/ Content /var/tmp/curl.log: == Info: set default crypto engine 'pkcs11' == Info: About to connect() to nhpafts1 port 19003 (https://www.opencsw.org/mantis/view.php?id=0) == Info: Trying 10.185.8.14... == Info: connected == Info: Connected to nhpafts1 (10.185.8.14) port 19003 (https://www.opencsw.org/mantis/view.php?id=0) = Recv header, 32 bytes (0x20) : 220 Server ready for new user. = Send header, 10 bytes (0xa) : AUTH SSL = Recv header, 38 bytes (0x26) : 234 Security data exchange complete. == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /opt/csw/ssl/certs == Info: SSLv3, TLS handshake, Client hello (1): = Send SSL data, 341 bytes (0x155) : ...Q..Q...G..~S..6..0..l...vQ0.,.(.$..!.k. 0040: j.9.8.2...*=.5./.+.'.#. 0080: g.@.3.2.E.D.1.-.).%/...A... 00c0: ..nhpafts1.fisa.nycnet...4.2 0100: .. 0140: . == Info: SSLv3, TLS handshake, Server hello (2): = Recv SSL data, 66 bytes (0x42) : .Q..._.8z.P.'o.q..!_.Y..Kb.'...cf...f)6...5... 0040: .. == Info: SSLv3, TLS alert, Server hello (2): = Send SSL data, 2 bytes (0x2) : .p == Info: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext == Info: Closing connection https://www.opencsw.org/mantis/view.php?id=0 == -- (0010558) dam (administrator) - 2013-08-27 16:13 https://www.opencsw.org/mantis/view.php?id=5095#c10558 -- Which version of libssl are you running? Please try pkginfo -x CSWlibssl1-0-0 You are probably running a version prior to 1.0.1e,REV=2013.08.08 which had issues in the pkcs#11 acceleration on Sparc. ___ bug-notifications mailing list bug-notifications@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/bug-notifications
[bug-notifications] [curl 0005095]: curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
The following issue has been ASSIGNED. == https://www.opencsw.org/mantis/view.php?id=5095 == Reported By:hudesd Assigned To:dam == Project:curl Issue ID: 5095 Category: regular use Reproducibility:always Severity: major Priority: normal Status: assigned == Date Submitted: 2013-07-19 21:13 CEST Last Modified: 2013-07-23 13:56 CEST == Summary:curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Description: Connecting to download from IBM mainframe via ftps gets the error curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Using the old Solaris SFWcurl 7.19.5 with old libssl 0.9.7 works. Using the Solaris 11 curl 7.21 with ssl 1.0.0 doesn't work either. The command line for connection, with username and password elided: /opt/csw/bin/curl --engine pkcs11 -R --trace-ascii /var/tmp/curl.log --disable-epsv --ssl-reqd -k -m 30 -l -G -u XXX:YYY ftp://nhpafts1:19003/FISAFMS/ Content /var/tmp/curl.log: == Info: set default crypto engine 'pkcs11' == Info: About to connect() to nhpafts1 port 19003 (https://www.opencsw.org/mantis/view.php?id=0) == Info: Trying 10.185.8.14... == Info: connected == Info: Connected to nhpafts1 (10.185.8.14) port 19003 (https://www.opencsw.org/mantis/view.php?id=0) = Recv header, 32 bytes (0x20) : 220 Server ready for new user. = Send header, 10 bytes (0xa) : AUTH SSL = Recv header, 38 bytes (0x26) : 234 Security data exchange complete. == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /opt/csw/ssl/certs == Info: SSLv3, TLS handshake, Client hello (1): = Send SSL data, 341 bytes (0x155) : ...Q..Q...G..~S..6..0..l...vQ0.,.(.$..!.k. 0040: j.9.8.2...*=.5./.+.'.#. 0080: g.@.3.2.E.D.1.-.).%/...A... 00c0: ..nhpafts1.fisa.nycnet...4.2 0100: .. 0140: . == Info: SSLv3, TLS handshake, Server hello (2): = Recv SSL data, 66 bytes (0x42) : .Q..._.8z.P.'o.q..!_.Y..Kb.'...cf...f)6...5... 0040: .. == Info: SSLv3, TLS alert, Server hello (2): = Send SSL data, 2 bytes (0x2) : .p == Info: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext == Info: Closing connection https://www.opencsw.org/mantis/view.php?id=0 == ___ bug-notifications mailing list bug-notifications@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/bug-notifications
[bug-notifications] [curl 0005095]: curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext
The following issue requires your FEEDBACK. == https://www.opencsw.org/mantis/view.php?id=5095 == Reported By:hudesd Assigned To:dam == Project:curl Issue ID: 5095 Category: regular use Reproducibility:always Severity: major Priority: normal Status: feedback == Date Submitted: 2013-07-19 21:13 CEST Last Modified: 2013-07-23 14:01 CEST == Summary:curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Description: Connecting to download from IBM mainframe via ftps gets the error curl: (35) error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext Using the old Solaris SFWcurl 7.19.5 with old libssl 0.9.7 works. Using the Solaris 11 curl 7.21 with ssl 1.0.0 doesn't work either. The command line for connection, with username and password elided: /opt/csw/bin/curl --engine pkcs11 -R --trace-ascii /var/tmp/curl.log --disable-epsv --ssl-reqd -k -m 30 -l -G -u XXX:YYY ftp://nhpafts1:19003/FISAFMS/ Content /var/tmp/curl.log: == Info: set default crypto engine 'pkcs11' == Info: About to connect() to nhpafts1 port 19003 (https://www.opencsw.org/mantis/view.php?id=0) == Info: Trying 10.185.8.14... == Info: connected == Info: Connected to nhpafts1 (10.185.8.14) port 19003 (https://www.opencsw.org/mantis/view.php?id=0) = Recv header, 32 bytes (0x20) : 220 Server ready for new user. = Send header, 10 bytes (0xa) : AUTH SSL = Recv header, 38 bytes (0x26) : 234 Security data exchange complete. == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /opt/csw/ssl/certs == Info: SSLv3, TLS handshake, Client hello (1): = Send SSL data, 341 bytes (0x155) : ...Q..Q...G..~S..6..0..l...vQ0.,.(.$..!.k. 0040: j.9.8.2...*=.5./.+.'.#. 0080: g.@.3.2.E.D.1.-.).%/...A... 00c0: ..nhpafts1.fisa.nycnet...4.2 0100: .. 0140: . == Info: SSLv3, TLS handshake, Server hello (2): = Recv SSL data, 66 bytes (0x42) : .Q..._.8z.P.'o.q..!_.Y..Kb.'...cf...f)6...5... 0040: .. == Info: SSLv3, TLS alert, Server hello (2): = Send SSL data, 2 bytes (0x2) : .p == Info: error:140920E3:SSL routines:SSL3_GET_SERVER_HELLO:parse tlsext == Info: Closing connection https://www.opencsw.org/mantis/view.php?id=0 == -- (0010504) dam (administrator) - 2013-07-23 14:01 https://www.opencsw.org/mantis/view.php?id=5095#c10504 -- Hi Dana, as the issue also occurs on the curl shipped with Solaris 11 this seems not to be an issue with the packaging, but with the curl upstream version and/or OpenSSL. I suggest you open a bug report upstream at http://curl.haxx.se/docs/bugs.html There is also a similar bug reported against wget with the newer OpenSSL 1.0.0 https://www.opencsw.org/mantis/view.php?id=5068 with a failing handshake which is however rooted in a problem at the other side. Kind regards -- Dago ___ bug-notifications mailing list bug-notifications@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/bug-notifications