
#1 2016-10-19 15:13:40

merilius
Member
Registered: 2012-06-15
Posts: 48

[SOLVED: not an Arch issue] SSL connections fail

When I try downloading stuff using curl, wget or Firefox, I am getting "unknown SSL protocol errors".

$ curl -v https://commondatastorage.googleapis.com/chromium-browser-official/chromium-55.0.2883.11.tar.xz
*   Trying 216.58.212.112...
* TCP_NODELAY set
* Connected to commondatastorage.googleapis.com (216.58.212.112) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to commondatastorage.googleapis.com:443 
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to commondatastorage.googleapis.com:443 

Same with wget

$ wget https://commondatastorage.googleapis.com/chromium-browser-official/chromium-55.0.2883.11.tar.xz
--2016-10-19 16:09:47--  https://commondatastorage.googleapis.com/chromium-browser-official/chromium-55.0.2883.11.tar.xz
Resolving commondatastorage.googleapis.com (commondatastorage.googleapis.com)... 216.58.212.112, 2a00:1450:400e:807::2010
Connecting to commondatastorage.googleapis.com (commondatastorage.googleapis.com)|216.58.212.112|:443... connected.
Unable to establish SSL connection.

There is no problem downloading this file from a different machine running Fedora, or from a Mac on the same subnetwork (to rule out a firewall problem).

I am running:

$ openssl version
OpenSSL 1.0.2j  26 Sep 2016

Downgrading OpenSSL to 1.0.2i or 1.0.2h didn't help.

Any idea how to fix it?

Last edited by merilius (2016-10-27 12:47:40)

Offline

#2 2016-10-19 19:46:37

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: [SOLVED: not an Arch issue] SSL connections fail

It's not an issue with openssl because things work here...

$ curl -vLO "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-55.0.2883.11.tar.xz"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 216.58.217.16...
* TCP_NODELAY set
* Connected to commondatastorage.googleapis.com (216.58.217.16) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3505 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.storage.googleapis.com
*  start date: Oct  6 13:03:04 2016 GMT
*  expire date: Dec 29 12:28:00 2016 GMT
*  subjectAltName: host "commondatastorage.googleapis.com" matched cert's "*.googleapis.com"
*  issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
*  SSL certificate verify ok.
} [5 bytes data]
> GET /chromium-browser-official/chromium-55.0.2883.11.tar.xz HTTP/1.1
> Host: commondatastorage.googleapis.com
> User-Agent: curl/7.50.3
> Accept: */*
> 
{ [5 bytes data]
< HTTP/1.1 200 OK
< X-GUploader-UploadID: AEnB2UpUj7Fv_hwRl53-hKXlscdQbGJUslKau6cv2IK4Vzwpv0hbXbKzKMy8iQD_8sUJOqqbc60iakAKs5y6xoHAwwgDcP_xcM_NXwgQ8D2e-j_k5aWnCv0
< Expires: Wed, 19 Oct 2016 20:42:16 GMT
< Date: Wed, 19 Oct 2016 19:42:16 GMT
< Cache-Control: public, max-age=3600
< Last-Modified: Thu, 13 Oct 2016 22:29:30 GMT
< ETag: "d539cfeec359151832e778b0503fba72"
< x-goog-generation: 1476397770085000
< x-goog-metageneration: 1
< x-goog-stored-content-encoding: identity
< x-goog-stored-content-length: 511005276
< Content-Type: application/x-tar
< Content-Language: en
< x-goog-hash: crc32c=mwTmFQ==
< x-goog-hash: md5=1TnP7sNZFRgy53iwUD+6cg==
< x-goog-storage-class: STANDARD
< Accept-Ranges: bytes
< Content-Length: 511005276
< Server: UploadServer
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< 
{ [594 bytes data]
...
$ openssl version
OpenSSL 1.0.2j  26 Sep 2016
$ curl -V
curl 7.50.3 (x86_64-pc-linux-gnu) libcurl/7.50.3 OpenSSL/1.0.2j zlib/1.2.8 libidn/1.33 libssh2/1.7.0
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

I think something is blocking server replies to your Arch box, e.g. a host-based firewall.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#3 2016-10-27 12:46:49

merilius
Member
Registered: 2012-06-15
Posts: 48

Re: [SOLVED: not an Arch issue] SSL connections fail

Thank you. I tested it on a different network and there were no problems. Then the IT team at my workplace confirmed they are blocking "Google cloud storage services".

Offline
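
An added example, not part of the original thread: a small Python classifier that reads `curl -v` output and reports the first TLS handshake stage missing from it, run over excerpts of the two traces posted above. The function name and verdict labels are assumptions made for this illustration.

```python
import re

# Milestones in `curl -v` output (OpenSSL backend), in handshake order.
MILESTONES = [
    ("connected", re.compile(r"\* Connected to ")),
    ("client_hello", re.compile(r"\(OUT\), TLS handshake, Client hello")),
    ("server_hello", re.compile(r"\(IN\), TLS handshake, Server hello")),
    ("established", re.compile(r"\* SSL connection using ")),
    ("verify_ok", re.compile(r"SSL certificate verify ok")),
]

# Verdict labels (illustrative) for a trace that stops before each milestone.
STOPPED_BEFORE = {
    "connected": "tcp_connect_failed",
    "client_hello": "tls_not_started",
    # ClientHello left, nothing came back: replies are being dropped or reset
    # somewhere (host firewall or a filter on the path). Re-test from another
    # network, as the thread did, to tell the two apart.
    "server_hello": "no_server_hello",
    "established": "handshake_aborted",
    "verify_ok": "certificate_not_verified",
}

def classify_curl_trace(trace):
    """Return the verdict for the first handshake stage missing from the trace."""
    for name, pattern in MILESTONES:
        if not pattern.search(trace):
            return STOPPED_BEFORE[name]
    return "ok"

# Excerpt of the failing trace from post #1.
FAILING_TRACE = """\
* Connected to commondatastorage.googleapis.com (216.58.212.112) port 443 (#0)
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to commondatastorage.googleapis.com:443
"""

# Excerpt of the working trace from post #2.
WORKING_TRACE = """\
* Connected to commondatastorage.googleapis.com (216.58.217.16) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
*  SSL certificate verify ok.
"""

if __name__ == "__main__":
    for label, trace in (("post #1", FAILING_TRACE), ("post #2", WORKING_TRACE)):
        print(label, "->", classify_curl_trace(trace))
```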
