OpenSSL issues in Debian Wheezy

Rodrigo asked:

I don’t know what is exactly going on but I noticed that curl couldn’t get secure pages without adding extra switches.

~# curl -v
* About to connect() to port 443 (#0)
*   Trying
* connected
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
(hangs for a minute)
* Unknown SSL protocol error in connection to
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to

Now, when I add -1 (force tlsv1) or -3 (force sslv3) curl works flawlessly. The problem is that other programs seem to have similar issues, like python scripts.

When I try openssl it hangs like curl

openssl s_client  -connect

no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 320 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

The same happens if I use -tls1_2, but it works If I use -ssl3 switch

Additional Data:

OpenSSL> version
OpenSSL 1.0.1e 11 Feb 2013

Does anybody know how to fix this and make curl or openssl work with default settings? I have another machine with Debian lenny that can run both commands flawlessly without any switch.



My answer:

Make sure you have the ca-certificates package installed properly. If it is installed, you may have accidentally deleted its files and need to reinstall it.

sudo apt-get install --reinstall ca-certificates

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.