Public bug reported: Mint 20.3 (Ubuntu 20.04)
$ curl -V curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3 Release-Date: 2020-01-08 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets It seems that support for TLSv1.0 was removed from curl or some SSL library. It is not possible to use curl to test if web site still supports tls v1.0. I have some old devices in my lab those support only TLS v1.0 and it is difficult to use those in 2022 because all major WWW browsers dropped support for TLS v1.0 & v1.1 and now I see that even CLI tools remove support for those obsolete protocols... :-( I noticed problems with haproxy an hour ago and just now I see that even curl cannot be used... Following command was working in Ubuntu 18.04 but it doesn't work in 20.04 anymore (error is unsupported protocol), oldrouter supports only tlsv1.0: $ curl -v -k --tlsv1.0 https://oldrouter.lan:445/ * Trying 192.168.17.1:445... * TCP_NODELAY set * Connected to ipcop.home (192.168.17.1) port 445 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS alert, protocol version (582): * error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol * Closing connection 0 curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol ** Affects: curl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/1969859 Title: tlsv1.0 was removed Status in curl package in Ubuntu: New Bug description: Mint 20.3 (Ubuntu 20.04) $ curl -V curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3 Release-Date: 2020-01-08 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets It seems that support for TLSv1.0 was removed from curl or some SSL library. It is not possible to use curl to test if web site still supports tls v1.0. I have some old devices in my lab those support only TLS v1.0 and it is difficult to use those in 2022 because all major WWW browsers dropped support for TLS v1.0 & v1.1 and now I see that even CLI tools remove support for those obsolete protocols... :-( I noticed problems with haproxy an hour ago and just now I see that even curl cannot be used... Following command was working in Ubuntu 18.04 but it doesn't work in 20.04 anymore (error is unsupported protocol), oldrouter supports only tlsv1.0: $ curl -v -k --tlsv1.0 https://oldrouter.lan:445/ * Trying 192.168.17.1:445... * TCP_NODELAY set * Connected to ipcop.home (192.168.17.1) port 445 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS alert, protocol version (582): * error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol * Closing connection 0 curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1969859/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
