Package: curl Version: 7.65.3-1 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I'm trying to use curl with an old server on my local net. The server has a self-signed certificate and I don't care about the security, so I've added the - - -k (--insecure) switch. This should make curl connect anyway, disregarding security. However, I see the following error: $ curl -v -k --resolve sandbox1.dev.wordpress.example.com:443:10.16.160.13 https://sandbox1.dev.wordpress.example.com * Added sandbox1.dev.wordpress.example.com:443:10.16.160.13 to DNS cache * Hostname sandbox1.dev.wordpress.example.com was found in DNS cache * Trying 10.16.160.13:443... * TCP_NODELAY set * Connected to sandbox1.dev.wordpress.example.com (10.16.160.13) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (OUT), TLS alert, handshake failure (552): * error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small * Closing connection 0 curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small This seems similar to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788 except that in this case, I'm explicitly telling curl to disregard security. - -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.1.12 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages curl depends on: ii libc6 2.28-10 ii libcurl4 7.65.3-1 ii zlib1g 1:1.2.11.dfsg-1 curl recommends no packages. curl suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- iHUEAREIAB0WIQT5xLt2Dng/DewQpoprjrOgZc+6qQUCXWBjUQAKCRBrjrOgZc+6 qfntAP442C0BvhyEzBKhWhBD6HYQTaFAVYKnB5qUYnTNbORJHgD+JlnLEiOyvg9E 10UYplV0ggwmtc28GDUICepP9CD+7eCIiAQBFggAMBYhBO7QFYAT3C5tbgAepDe5 UHrP8gFuBQJdYGNYEhxicmlhbkBtaW50b24ubmFtZQAKCRA3uVB6z/IBbh+EAQCt LOzbeM0fEtiUydrKH1l/giwtpWgY5+G0qxoldwUSnAEA9mRnXRp0TdiElpAdxrus hHhz9OBZgC2udhxgCcLeOQ0= =5HYJ -----END PGP SIGNATURE-----