[Bug 1969859] [NEW] tlsv1.0 was removed

psl 1969859 at bugs.launchpad.net
Thu Apr 21 23:03:10 UTC 2022 

Public bug reported:

Mint 20.3 (Ubuntu 20.04)

$ curl -V
curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

It seems that support for TLSv1.0 was removed from curl or some SSL
library. It is not possible to use curl to test if web site still
supports tls v1.0. I have some old devices in my lab those support only
TLS v1.0 and it is difficult to use those in 2022 because all major WWW
browsers dropped support for TLS v1.0 & v1.1 and now I see that even CLI
tools remove support for those obsolete protocols... :-( I noticed
problems with haproxy an hour ago and just now I see that even curl
cannot be used...

Following command was working in Ubuntu 18.04 but it doesn't work in
20.04 anymore (error is unsupported protocol), oldrouter supports only
tlsv1.0:

$ curl -v -k --tlsv1.0 https://oldrouter.lan:445/
*   Trying 192.168.17.1:445...
* TCP_NODELAY set
* Connected to ipcop.home (192.168.17.1) port 445 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1969859

Title:
  tlsv1.0 was removed

Status in curl package in Ubuntu:
  New

Bug description:
  Mint 20.3 (Ubuntu 20.04)

  $ curl -V
  curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
  Release-Date: 2020-01-08
  Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
  Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

  It seems that support for TLSv1.0 was removed from curl or some SSL
  library. It is not possible to use curl to test if web site still
  supports tls v1.0. I have some old devices in my lab those support
  only TLS v1.0 and it is difficult to use those in 2022 because all
  major WWW browsers dropped support for TLS v1.0 & v1.1 and now I see
  that even CLI tools remove support for those obsolete protocols... :-(
  I noticed problems with haproxy an hour ago and just now I see that
  even curl cannot be used...

  Following command was working in Ubuntu 18.04 but it doesn't work in
  20.04 anymore (error is unsupported protocol), oldrouter supports only
  tlsv1.0:

  $ curl -v -k --tlsv1.0 https://oldrouter.lan:445/
  *   Trying 192.168.17.1:445...
  * TCP_NODELAY set
  * Connected to ipcop.home (192.168.17.1) port 445 (#0)
  * ALPN, offering h2
  * ALPN, offering http/1.1
  * successfully set certificate verify locations:
  *   CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.3 (OUT), TLS alert, protocol version (582):
  * error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
  * Closing connection 0
  curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1969859/+subscriptions

More information about the foundations-bugs mailing list