[Bug 2073448] [NEW] OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection

[Ruben Suarez Alvarez]

Public bug reported:

The problem seems to affect only Ubuntu 22.04 Arm64.  It works as
expected in Ubuntu 22.04 Amd64.


For further information see: https://github.com/curl/curl/issues/14154

### I did this

```bash
curl -vvv https://dotnet.microsoft.com/
* Host dotnet.microsoft.com:443 was resolved.
* IPv6: 2620:1ec:bdf::43
* IPv4: 13.107.246.43
*   Trying 13.107.246.43:443...
* Connected to dotnet.microsoft.com (13.107.246.43) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
```

### I expected the following

I expected no SSL error as **openssl** seem to be working as expected:

```bash
openssl s_client -connect dotnet.microsoft.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun  8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug  1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB
WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7
ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT
d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef
Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e
XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID
AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la
ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk
j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP
ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn
aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH
6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J
gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw
LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV
HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD
VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV
BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d
JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL
Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ
udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ
2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w
cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt
jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn
GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq
Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+
xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf
p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G
a7Q=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5228 bytes and written 757 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972
    Session-ID-ctx: 
    Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1   2.....3q.&'.....
    0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae   )$Q7...u.....^J.

    Start Time: 1720699914
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7
    Session-ID-ctx: 
    Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca   .~.....>g.M.UB..
    0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b   3P...)....l.kAB[

    Start Time: 1720699914
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
```

Also **wget** is working as expected:

```bash
wget https://dotnet.microsoft.com/
--2024-07-11 12:14:16--  https://dotnet.microsoft.com/
Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43
Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Location: /en-us/ [following]
--2024-07-11 12:14:24--  https://dotnet.microsoft.com/en-us/
Reusing existing connection to dotnet.microsoft.com:443.
HTTP request sent, awaiting response... 200 OK
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html                                         [ <=>
] 300.57K  --.-KB/s    in 0.1s

2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
```


### curl/libcurl version

curl 8.5.0 (aarch64-unknown-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7
Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd


### operating system

Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP
PREEMPT_DYNAMIC Mon Jun  3 11:32:55 UTC 2 aarch64 aarch64 aarch64
GNU/Linux

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2073448

Title:
  OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection

Status in curl package in Ubuntu:
  New

Bug description:
  The problem seems to affect only Ubuntu 22.04 Arm64.  It works as
  expected in Ubuntu 22.04 Amd64.

  
  For further information see: https://github.com/curl/curl/issues/14154

  ### I did this

  ```bash
  curl -vvv https://dotnet.microsoft.com/
  * Host dotnet.microsoft.com:443 was resolved.
  * IPv6: 2620:1ec:bdf::43
  * IPv4: 13.107.246.43
  *   Trying 13.107.246.43:443...
  * Connected to dotnet.microsoft.com (13.107.246.43) port 443
  * ALPN: curl offers h2,http/1.1
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  *  CAfile: /etc/ssl/certs/ca-certificates.crt
  *  CApath: /etc/ssl/certs
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
  * Closing connection
  curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
  ```

  ### I expected the following

  I expected no SSL error as **openssl** seem to be working as expected:

  ```bash
  openssl s_client -connect dotnet.microsoft.com:443
  CONNECTED(00000003)
  depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
  verify return:1
  depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
  verify return:1
  depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
  verify return:1
  ---
  Certificate chain
   0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
     i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
     a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
     v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
   1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
     i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
     a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
     v:NotBefore: Jun  8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
   2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
     i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
     a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
     v:NotBefore: Aug  1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
  ---
  Server certificate
  -----BEGIN CERTIFICATE-----
  MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF
  ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
  MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
  MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx
  CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
  ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB
  WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7
  ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT
  d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef
  Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e
  XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID
  AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD
  OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la
  ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk
  j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
  AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP
  ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn
  aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH
  6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J
  gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
  BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
  0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
  BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
  b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw
  LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
  b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV
  HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD
  VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
  dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
  MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
  ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
  L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV
  BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
  BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d
  JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL
  Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ
  udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ
  2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w
  cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt
  jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn
  GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq
  Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+
  xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf
  p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G
  a7Q=
  -----END CERTIFICATE-----
  subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
  issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
  ---
  No client certificate CA names sent
  Peer signing digest: SHA256
  Peer signature type: RSA-PSS
  Server Temp Key: ECDH, prime256v1, 256 bits
  ---
  SSL handshake has read 5228 bytes and written 757 bytes
  Verification: OK
  ---
  New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
  Server public key is 2048 bit
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  No ALPN negotiated
  Early data was not sent
  Verify return code: 0 (ok)
  ---
  ---
  Post-Handshake New Session Ticket arrived:
  SSL-Session:
      Protocol  : TLSv1.3
      Cipher    : TLS_AES_256_GCM_SHA384
      Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972
      Session-ID-ctx: 
      Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      TLS session ticket lifetime hint: 300 (seconds)
      TLS session ticket:
      0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1   2.....3q.&'.....
      0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae   )$Q7...u.....^J.

      Start Time: 1720699914
      Timeout   : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
      Max Early Data: 0
  ---
  read R BLOCK
  ---
  Post-Handshake New Session Ticket arrived:
  SSL-Session:
      Protocol  : TLSv1.3
      Cipher    : TLS_AES_256_GCM_SHA384
      Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7
      Session-ID-ctx: 
      Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      TLS session ticket lifetime hint: 300 (seconds)
      TLS session ticket:
      0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca   .~.....>g.M.UB..
      0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b   3P...)....l.kAB[

      Start Time: 1720699914
      Timeout   : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
      Max Early Data: 0
  ---
  read R BLOCK
  closed
  ```

  Also **wget** is working as expected:

  ```bash
  wget https://dotnet.microsoft.com/
  --2024-07-11 12:14:16--  https://dotnet.microsoft.com/
  Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43
  Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected.
  HTTP request sent, awaiting response... 302 Found
  Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
  Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
  Location: /en-us/ [following]
  --2024-07-11 12:14:24--  https://dotnet.microsoft.com/en-us/
  Reusing existing connection to dotnet.microsoft.com:443.
  HTTP request sent, awaiting response... 200 OK
  Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
  Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
  Length: unspecified [text/html]
  Saving to: ‘index.html’

  index.html                                         [ <=>
  ] 300.57K  --.-KB/s    in 0.1s

  2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
  ```

  
  ### curl/libcurl version

  curl 8.5.0 (aarch64-unknown-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7
  Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1
  Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
  Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

  
  ### operating system

  Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP
  PREEMPT_DYNAMIC Mon Jun  3 11:32:55 UTC 2 aarch64 aarch64 aarch64
  GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2073448/+subscriptions