2

I need to upgrade cURL on my VPS running CentOS 7.

I'm getting errors such as:

cURL Error(35): Cannot communicate securely with peer: no common encryption algorithm(s)

I've used the answer given here before: "Upgrade curl to latest on CentOS 6.3". But the link to the RPM file is dead and I don't know which to choose from the list on the yum-repo page.

Help on how to upgrade curl highly appreciated.

Thanks.

Peps

3 Answers

3

There is a known bug in Fedora for NSS which causes a similar problem with curl. See "NSS does not enable ECC cipher-suites by default". It's about default support for ECC cipher suites.

Check if your version of nss is also affected. Then you can possibly upgrade.

You can try as suggested in the thread:

curl -4svo/dev/null --ciphers ecdhe_ecdsa_aes_128_gcm_sha_256 https://www.example.org

or simply,

curl --ciphers ecdhe_ecdsa_aes_256_sha https://www.example.org

Another option is to upgrade to curl-7.43.0-1.el7 and try. RPMs are available here: http://cbs.centos.org/koji/buildinfo?buildID=1408

  • Go to the link and download the RPMs to your local disk. Then you can use the rpm command to upgrade or install the packages that you need.

    1. curl-7.43.0-1.el7.x86_64.rpm
    2. libcurl-7.43.0-1.el7.x86_64.rpm
    3. libcurl-devel-7.43.0-1.el7.x86_64.rpm
    4. curl-debuginfo-7.43.0-1.el7.x86_64.rpm

    I haven't tried it myself, so try it at your own risk.

Diamond
  • OK, so I should run that command in SSH. This is a live server, that won't be a problem? How will I know if I'm affected? I'll receive an error? (I'm new to this) – Peps Nov 25 '15 at 12:49
  • cURL collects URLs, so try it on one of your servers safely – Froggiz Nov 25 '15 at 12:56
  • Result: About to connect() to www.example.org port 443 (#0) * Trying 93.184.216.34... * Connected to www.example.org (93.184.216.34) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * Unknown cipher in list: ecdhe_ecdsa_aes_128_gcm_sha_256 * Closing connection 0 – Peps Nov 25 '15 at 13:05
  • Try the second option in the answer and run curl with the `-v` option. The answer indicates to mention explicitly the cipher suite to be used in the curl command option. – Diamond Nov 25 '15 at 13:09
  • Sorry, I don't know what you mean exactly. Where should I add the -v option? – Peps Nov 25 '15 at 13:20
  • 1
    Upgrading cURL 7.42.1 helped me with this issue previously. Would this work: rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/city-fan.org-release-1-13.rhel6.noarch.rpm yum install libcurl – Peps Nov 25 '15 at 13:31
  • Can't tell you for sure. I guess not, it's meant for rhel6. – Diamond Nov 25 '15 at 13:36
  • Try the ones here: http://cbs.centos.org/koji/buildinfo?buildID=1408 – Diamond Nov 25 '15 at 13:40
  • That looks like it :) Could you maybe share the install command with me so I won't mess up? – Peps Nov 25 '15 at 13:42
  • See updated answer. Download those rpms and try with `rpm -Uvh`. – Diamond Nov 25 '15 at 13:56
  • Thanks! I must download all 4(?) with rpm -Uvh, then run "yum install...."? – Peps Nov 25 '15 at 14:04
  • And what about this: http://curl.haxx.se/download.html ? – Peps Nov 25 '15 at 14:12
  • I did: yum install libcurl-7.43.0-1.el7.x86_64.rpm and I got an error: Finished Dependency Resolution Error: Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. – Peps Nov 25 '15 at 22:22
  • What do you think about the solution offered in the last 2 comments here: https://www.centos.org/forums/viewtopic.php?f=47&t=53917 – Peps Nov 25 '15 at 22:38
  • You can try it, looks good. – Diamond Nov 25 '15 at 22:42
  • So maybe this rpm could solve the issue safely? http://dl.fedoraproject.org/pub/archive/fedora/linux/updates/19/x86_64/libcurl-7.29.0-27.fc19.x86_64.rpm What do you think, is this safe to try? – Peps Nov 25 '15 at 22:45
  • These are from fedoraproject, you can safely try. – Diamond Nov 25 '15 at 22:53
  • @bangal, would this be the way to go: wget http://mirror.fdcservers.net/fedora/updates/19/x86_64/libcurl-7.29.0-27.fc19.x86_64.rpm yum install libcurl-7.29.0-27.fc19.x86_64.rpm ? – Peps Nov 25 '15 at 22:54
  • I get an error when I try it like this: Protected multilib versions: libcurl-7.29.0-19.el7.i686 != libcurl-7.29.0-27.fc19.x86_64 Should I try a different method of installing? – Peps Nov 25 '15 at 23:12
  • Could someone advise on how to install the rpm? – Peps Nov 26 '15 at 09:31
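
The `Protected multilib versions` error quoted in the comments above means libcurl is installed for two architectures (i686 and x86_64), and yum requires both copies to stay at the same version-release. The following is an added example, not part of the original thread: a pre-check that compares candidate RPM file names against a package listing and prints the copies that would be left behind. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. The listing format is what this query prints on a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'

# multilib_conflicts NAME VERSION-RELEASE ARCH < listing
# Prints each installed copy of NAME for another architecture whose
# version-release differs from the candidate. Any output means yum will
# refuse the transaction unless that copy is upgraded or removed with it.
multilib_conflicts() {
    awk -v name="$1" -v vr="$2" -v arch="$3" '
        $1 == name && $3 != arch && $3 != "noarch" && $2 != vr {
            printf "%s-%s.%s != %s-%s.%s\n", $1, $2, $3, name, vr, arch
        }'
}

# Split name-version-release.arch.rpm from the right, because the package
# name itself may contain hyphens (libcurl-devel, curl-debuginfo).
parse_rpm_filename() {
    f=${1##*/}; f=${f%.rpm}
    arch=${f##*.}; f=${f%.*}
    rel=${f##*-};  f=${f%-*}
    ver=${f##*-};  name=${f%-*}
    printf '%s %s-%s %s\n' "$name" "$ver" "$rel" "$arch"
}

# check_candidates LISTING file.rpm... : run the check for every candidate.
check_candidates() {
    listing=$1; shift
    for rpm_file in "$@"; do
        parse_rpm_filename "$rpm_file" | {
            read -r name vr arch
            printf '%s\n' "$listing" | multilib_conflicts "$name" "$vr" "$arch"
        }
    done
}

# Constructed sample listing, modelled on the versions quoted in the thread.
sample_listing() {
    cat <<'EOF'
curl 7.29.0-19.el7 x86_64
libcurl 7.29.0-19.el7 x86_64
libcurl 7.29.0-19.el7 i686
EOF
}

check_candidates "$(sample_listing)" curl-7.43.0-1.el7.x86_64.rpm libcurl-7.43.0-1.el7.x86_64.rpm
```

On a live host, pass the output of the `rpm -qa` query from the first comment as the listing; an empty result means no cross-architecture copy blocks the upgrade.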
1

1) nano /etc/yum.repos.d/city-fan.repo

2) ADD:

[CityFan]
name=City Fan Repo
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0

3)

yum clean all
yum install curl
  • 2
    **WARNING** City-fan is a *Known Problem Repository* per [the CentOS wiki](https://wiki.centos.org/AdditionalResources/Repositories) : "Be particularly careful about the City-Fan repo as they enable their repo by default when installed. City-Fan will replace many core packages as configured when installed and those packages often have a different structure than the CentOS ones making them difficult if not impossible to remove cleanly. Even removing packages installed from this repository may leave the system in an unusable state. You've been warned." – Randall Jul 28 '20 at 19:20
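
The repo stanza in this answer sets `gpgcheck=0` and uses an `http` base URL, so yum installs whatever that URL returns without verifying a signature. The following is an added example, not part of the original answer: an audit that lists enabled repositories with signature checking switched off or a cleartext base URL. The function names and the two `example-` stanzas are constructed; the `CityFan` stanza is the one from the answer.

```shell
#!/bin/sh
# Added example: flag enabled yum repos that skip signature checks or use http.
# Only values written in a stanza are judged; a repo with no gpgcheck line
# inherits the [main] setting from /etc/yum.conf, which is not read here.
audit_repos() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0") printf "%s: gpgcheck=0 (packages installed unverified)\n", id
            if (url ~ /^http:/)  printf "%s: cleartext baseurl %s\n", id, url
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # new [section]: flush previous
            report()
            id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; url = ""   # enabled defaults to 1
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample input: the stanza from the answer plus two made-up ones.
sample_repos() {
    cat <<'EOF'
[CityFan]
baseurl=http://www.city-fan.org/ftp/contrib/yum-repo/rhel$releasever/$basearch/
enabled=1
gpgcheck=0
[example-signed]
baseurl=https://repo.example.invalid/el7/$basearch/
gpgcheck=1
[example-disabled]
baseurl=http://repo.example.invalid/el7/
enabled=0
gpgcheck=0
EOF
}

sample_repos | audit_repos
```

On a real host, run `audit_repos /etc/yum.repos.d/*.repo`; only the `CityFan` stanza is reported for the sample, because the disabled repo is skipped.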
0

Quoting a comment from @Peps:

Upgrading cURL 7.42.1 helped me with this issue previously. Would this work: rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel6/x86_64/city-fan.org-release-1-13.rhel6.noarch.rpm yum install libcurl

This will work on CentOS 6.7 in a safe way and it should be the accepted answer. Basically, it adds a third-party repo where someone compiled cURL 7.42 and its dependencies, keeping CentOS package names, so yum will recognize and install them as an upgrade for the legacy curl package without breaking any dependencies.

Tried it on a CentOS 6.7 server + Plesk 12.5

Marco Marsala
  • Repo no longer available – executable Feb 14 '19 at 13:01
  • 2
    **WARNING** City-fan is a *Known Problem Repository* per [the CentOS wiki](https://wiki.centos.org/AdditionalResources/Repositories) : "Be **particularly careful** about the City-Fan repo as they enable their repo by default when installed. City-Fan **will** replace many core packages as configured when installed and those packages often have a different structure than the CentOS ones making them difficult if not impossible to remove cleanly. Even **removing** packages installed from this repository may leave the system in an unusable state. You've been warned." – Randall Jul 28 '20 at 19:23