
curl localhost:9877 error: Unknown SSL protocol error in connection to localhost:-9850

Question asked by hanleybrand on Aug 19, 2016
Latest reply on Aug 19, 2016 by scott.hurrey

I'm trying to test some web services provided by a b2 on the DVM (9.1.201404.160205) before uploading to our staging environment, but I keep getting these SSL errors even with --insecure (-k):

 

    $ curl  https://localhost:9877  -k -v
    * Rebuilt URL to: https://localhost:9877/
    *   Trying ::1...
    * connect to ::1 port 9877 failed: Connection refused
    *   Trying 127.0.0.1...
    * Connected to localhost (127.0.0.1) port 9877 (#0)
    * Unknown SSL protocol error in connection to localhost:-9850
    * Closing connection 0
    curl: (35) Unknown SSL protocol error in connection to localhost:-9850

 

I know that the cert is self-signed (and expired) -- but I thought that --insecure would cause that to be dropped. I've been playing with different switches to force various ssl/tls versions and ciphers (stack overflow had some advice that this error is related to an odd protocol/cipher combo on the server side), but alas I haven't hit the combo yet.

 

testssl.sh had this to report:

 

    --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
    SSLv2      not offered (OK)
    SSLv3      offered (NOT ok)
    TLS 1      offered
    TLS 1.1    offered
    TLS 1.2    not offered (NOT ok)
    SPDY/NPN   not offered
    --> Testing ~standard cipher lists
    Null Ciphers                 not offered (OK)
    Anonymous NULL Ciphers       not offered (OK)
    Anonymous DH Ciphers         not offered (OK)
    40 Bit encryption            Local problem: No 40 Bit encryption  configured in /usr/local/opt/openssl/bin/openssl
    56 Bit encryption            Local problem: No 56 Bit encryption  configured in /usr/local/opt/openssl/bin/openssl
    Export Ciphers (general)     Local problem: No Export Ciphers (general) configured in /usr/local/opt/openssl/bin/openssl
    Low (<=64 Bit)               Local problem: No Low (<=64 Bit) configured in /usr/local/opt/openssl/bin/openssl
    DES Ciphers                  Local problem: No DES Ciphers  configured in /usr/local/opt/openssl/bin/openssl
    Medium grade encryption      offered (NOT ok)
    Triple DES Ciphers           not offered (OK)
    High grade encryption        not offered (NOT ok)
    --> Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
    Not OK: No ciphers supporting Forward Secrecy offered
    --> Testing server preferences
    Has server cipher order?     nope (NOT ok)
    Negotiated protocol          Handshake error!TLSv1.2
    Negotiated cipher            0000, 768 bit DH (limited sense as client will pick)
    Negotiated cipher per proto  (limited sense as client will pick)
    Local problem: /usr/local/opt/openssl/bin/openssl doesn't support "s_client -ssl2"
    No further cipher order check has been done as order is determined by the client
    --> Testing server defaults (Server Hello)
    Strange, no SSL/TLS protocol seems to be supported (error around line 1803)

 

 

Does anyone know of a way to get it working?

 

Or maybe another thing to ask is - am I the only one who's having a problem? Does curl work for other folks against the DVM?

 

Note: this is a somewhat academic question, as I can successfully test against the DVM in a browser window via https://ws_user:ws_pass@localhost:9877/webapps/
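
An added example, not part of the original post: a small Python parser for the first two sections of the testssl.sh report quoted above. It separates what the server actually offers from the checks that testssl.sh could not run because of the local openssl build ("Local problem"). The status labels and function names are assumptions made for this illustration.

```python
import re

# Subset of the testssl.sh report from the post above, embedded so this runs offline.
REPORT = """\
--> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
SSLv2      not offered (OK)
SSLv3      offered (NOT ok)
TLS 1      offered
TLS 1.1    offered
TLS 1.2    not offered (NOT ok)
SPDY/NPN   not offered
--> Testing ~standard cipher lists
Null Ciphers                 not offered (OK)
56 Bit encryption            Local problem: No 56 Bit encryption  configured in /usr/local/opt/openssl/bin/openssl
Medium grade encryption      offered (NOT ok)
Triple DES Ciphers           not offered (OK)
High grade encryption        not offered (NOT ok)
"""

# A result row is "<check name><two or more spaces><result text>".
ROW = re.compile(r"^(?P<check>.+?)\s{2,}(?P<result>.+)$")

def classify(result):
    """Map a result cell to a status label (labels are hypothetical)."""
    if result.startswith("Local problem"):
        return "untested"  # the local openssl could not run this check
    offered = not result.startswith("not offered")
    if "(NOT ok)" in result:
        return "offered-bad" if offered else "missing-bad"
    return "offered" if offered else "not-offered"

def parse(report):
    """Return {section title: {check: status}} for a text report."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("-->"):
            current = sections.setdefault(line[3:].strip(), {})
        elif current is not None and (m := ROW.match(line)):
            current[m["check"].strip()] = classify(m["result"])
    return sections

def summary(sections):
    """Flatten all sections into offered / flagged / untested check lists."""
    flat = {c: s for checks in sections.values() for c, s in checks.items()}
    pick = lambda test: sorted(c for c, s in flat.items() if test(s))
    return {"offered": pick(lambda s: s.startswith("offered")),
            "findings": pick(lambda s: s.endswith("-bad")),
            "untested": pick(lambda s: s == "untested")}
```

The "untested" list matters when reading such a report: those rows say nothing about the server, only that the scanning host's openssl lacks the cipher class.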
