#1 2014-01-09 04:53:50

martriay

[SOLVED] Unknown SSL protocol error in connection

Hi there. I'm trying to get a website with curl but I'm getting this error:

[martriay@atila ~]$ curl -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x20412c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x20412c0) send_pipe: 1, recv_pipe: 0
*   Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443 
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443

And when I try with SSLv3:

[martriay@atila ~]$ curl -3 -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x8032c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x8032c0) send_pipe: 1, recv_pipe: 0
*   Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* Unsupported SSL protocol version
* Closing connection 0
curl: (35) Unsupported SSL protocol version

That's from my Arch Linux server, while on my desktop's Fedora it works just fine. Both computers are within the same network.

openssl version:

[martriay@atila ~]$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

openssl connection attempt:

[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 322 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

If I add the -ssl3 option:

[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443 -ssl3
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3048 bytes and written 485 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
    Session-ID: F34244E0C2E402103FC9B7216E504E89761FDAF31CC1AC3A7939BE99AD8D0C57
    Session-ID-ctx: 
    Master-Key: 146C91E59E259AD38C1E7A0B8E5DBEAE2D768622DE4045CD927D60A40FF8CA527A2694E227FEE30CC0909ADE0B72B0C8
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1389232087
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Any ideas?

Last edited by martriay (2014-01-09 14:05:02)
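
A small triage helper for the two `openssl s_client` transcripts in the post above, added here as an example and not part of the original thread: it reports whether the server ever answered the ClientHello and, if the handshake completed, which protocol and cipher were negotiated. The function and sample names are hypothetical, and the embedded transcripts are trimmed copies of the output above.

```shell
#!/bin/sh
# Added example: classify an `openssl s_client` transcript read on stdin.

# Print the first match of sed expression $1 in the transcript held in $t.
field() { printf '%s\n' "$t" | sed -n "$1" | head -n 1; }

classify_s_client() {
    t=$(cat)
    rd=$(field 's/^SSL handshake has read \([0-9]*\) bytes.*/\1/p')
    proto=$(field 's/^ *Protocol *: *//p')
    cipher=$(field 's/^ *Cipher *: *//p')
    verify=$(field 's/^ *Verify return code: \([0-9]*\).*/\1/p')
    errno=$(field 's/^write:errno=\([0-9]*\).*/\1/p')
    if [ -z "$rd" ]; then
        echo "status=no-handshake-summary"
    elif [ "$rd" -eq 0 ]; then
        # Nothing came back after the ClientHello (errno 104 is ECONNRESET on Linux).
        echo "status=no-server-hello errno=${errno:-none}"
    else
        legacy=no
        # SSLv3 (RFC 7568) and RC4 (RFC 7465) are prohibited in current TLS use.
        case "$proto" in SSLv2|SSLv3) legacy=yes ;; esac
        case "$cipher" in RC4-*|*-RC4-*) legacy=yes ;; esac
        echo "status=completed protocol=${proto:-?} cipher=${cipher:-?} verify=${verify:-?} legacy=$legacy"
    fi
}

sample_reset() {  # constructed: trimmed from the default-protocol attempt
cat <<'EOF'
CONNECTED(00000003)
write:errno=104
SSL handshake has read 0 bytes and written 322 bytes
New, (NONE), Cipher is (NONE)
EOF
}

sample_sslv3() {  # constructed: trimmed from the -ssl3 attempt
cat <<'EOF'
CONNECTED(00000003)
SSL handshake has read 3048 bytes and written 485 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-MD5
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_reset | classify_s_client
sample_sslv3 | classify_s_client
```

On a live host the same function can be fed with `openssl s_client -connect host:443 </dev/null 2>&1 | classify_s_client`.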

#2 2014-01-09 05:19:10

firecat53

Re: [SOLVED] Unknown SSL protocol error in connection

Downgrade curl to 7.33.0-3. There is a known bug that is now fixed and should be released with the next version. I got bit by this too :)

Scott

#3 2014-01-09 14:04:41

martriay

Re: [SOLVED] Unknown SSL protocol error in connection

That solved the problem, thanks!
