Issues with the SSL versions used by Curl and Python SSL lib

santiago.basulto asked:

I’m trying to reach an URI which only takes SSLv3. If I try to access it with curl or Python requests (which uses the ssl module) it doesn’t work (different errors).

Some longer explanation

There’s this API who has this URI:

  1. If I try to access that URI with the browser, it works fine (Chrome and FF).

  2. If I try to curl it: curl -Iv it doesn’t work. The error returned is:

    curl: (35) Unknown SSL protocol error in connection to
  3. Forcing curl to use SSLv3 works fine:

    curl --sslv3 -Iv
  4. openssl s_client -connect

    answers with:

    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 305 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE

How can it be possible that the browser is connecting Ok and curl and Python are not? How should I fix this? Is this even my problem (or the owner of the API)?

Info about my system

  • Ubuntu 14.04
  • OpenSSL 1.0.1f 6 Jan 2014

My answer:

At the time this question was asked, the site in question supported only a small selection of very weak cipher suites and had very little compatibility with modern user agents. Thus it was impossible for most browsers or even robots to negotiate a connection, let alone a secure one.

The site has been (mostly) fixed since; while it still has weak cipher suites and other problems, it should at least be functional.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.