[Bug 1310750] Re: sslv3 alert handshake failure for ubuntu 14.04

Seth Arnold 1310750 at bugs.launchpad.net
Mon Apr 21 22:36:19 UTC 2014 

Note that if you manually specify the ciphers that the server supports
to the curl command line, it works fine:

curl -v --ciphers RC4-SHA:RC4-MD5 https://secure.phabricator.com/api/conduit.ping
* Hostname was NOT found in DNS cache
*   Trying 50.18.110.231...
* Connected to secure.phabricator.com (50.18.110.231) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* 	 subject: OU=Domain Control Validated; CN=secure.phabricator.com
* 	 start date: 2014-03-25 23:26:10 GMT
* 	 expire date: 2015-03-28 18:47:22 GMT
* 	 subjectAltName: secure.phabricator.com matched
* 	 issuer: C=US; ST=Arizona; L=Scottsdale; O=Starfield Technologies, Inc.; OU=http://certs.starfieldtech.com/repository/; CN=Starfield Secure Certificate Authority - G2
* 	 SSL certificate verify ok.
> GET /api/conduit.ping HTTP/1.1
> User-Agent: curl/7.35.0
> Host: secure.phabricator.com
> Accept: */*
> 
< HTTP/1.1 200 OK
* Server nginx is not blacklisted
< Server: nginx
< Date: Mon, 21 Apr 2014 22:27:22 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.16
< Set-Cookie: phsid=A%2F3ds56miycnr7qov6xsfqxr4oyujacydy5h67ktjj; expires=Sat, 20-Apr-2019 22:27:22 GMT; path=/; domain=secure.phabricator.com; secure; httponly
< X-Frame-Options: Deny
< Cache-Control: private, no-cache, no-store, must-revalidate
< Pragma: no-cache
< Expires: Sat, 01 Jan 2000 00:00:00 GMT
< X-Content-Type-Options: nosniff
< 
* Connection #0 to host secure.phabricator.com left intact
{"result":null,"error_code":"ERR-CONDUIT-CORE","error_info":"Request has no 'params' key. This may mean that an extension like Suhosin has dropped data from the request. Check the PHP configuration on your server. If you are developing a Conduit client, you MUST provide a 'params' parameter when making a Conduit request, even if the value is empty (e.g., provide '{}')."}sarnold at hunt:~$ 


Perhaps 14.04 LTS's curl has dropped rc4 or md5 or sha1 support by default? It might be early to drop sha1, but both rc4 and md5 are known to have significant weaknesses.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1310750

Title:
  sslv3 alert handshake failure for ubuntu 14.04

Status in “curl” package in Ubuntu:
  Won't Fix

Bug description:
  I have some problem with ssl conection on ubuntu 14.04:

  $ curl -v https://secure.phabricator.com/api/conduit.ping
  * Hostname was NOT found in DNS cache
  *   Trying 50.18.110.231...
  * Connected to secure.phabricator.com (50.18.110.231) port 443 (#0)
  * successfully set certificate verify locations:
  *   CAfile: none
    CApath: /etc/ssl/certs
  * SSLv3, TLS handshake, Client hello (1):
  * SSLv3, TLS alert, Server hello (2):
  * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
  * Closing connection 0
  curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

  This bug started appear after 14.04 installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1310750/+subscriptions

More information about the foundations-bugs mailing list