If I run this command on my CentOS 5 machine:

curl -LsS https://symfony.com/installer -o /usr/local/bin/symfony

I get this error:

curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

However, if I run:

curl -v https://symfony.com/

I get this:

* About to connect() to symfony.com port 443 (#0)
*   Trying 176.34.106.156...
* Connected to symfony.com (176.34.106.156) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
*        subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=symfony.com
*        start date: 2014-11-21 00:00:00 GMT
*        expire date: 2017-11-21 23:59:59 GMT
*        subjectAltName: symfony.com matched
*        issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: symfony.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 138
< Cache-Control: public, s-maxage=600
< Content-Type: text/html; charset=UTF-8
< Date: Sat, 07 Jan 2017 03:05:08 GMT
< Server: nginx/1.4.6 (Ubuntu)
< Via: 1.1 varnish-v4
< X-Varnish: 168003559 167316902
< Content-Length: 34582
< Connection: keep-alive
< 

With the -v option, apparently SSLv3 can be used. How can I use the first command to successfully establish the connection?

EDIT:

I have compared the curl information with a Redhat server where curl does work, and these were the results:

My CentOS 5 "curl -V" information:

[root@orahost tls]# curl -V
curl 7.29.0 (i686-redhat-linux-gnu) libcurl/7.29.0 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz 

The RedHat 6 "curl -V" information:

[root@vps-1128921-x /etc/pki/tls] # curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I notice that my CentOS uses OpenSSL while the Redhat does not. Could this be the problem?

jstuardo
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Server Fault](http://serverfault.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Jan 08 '17 at 16:43
  • Also see [How to fix curl sslv3 alert handshake failure?](https://unix.stackexchange.com/questions/192944/how-to-fix-curl-sslv3-alert-handshake-failure) on [Unix & Linux Stack Exchange](http://unix.stackexchange.com/). – jww Jan 09 '17 at 18:54

1 Answer

Are you on Mac OS? If so, try this to reinstall cURL:

brew install curl
brew link curl --force

See this link for explanation: https://unix.stackexchange.com/questions/192944/how-to-fix-curl-sslv3-alert-handshake-failure

Also try:

curl -LsS3 https://symfony.com/installer -o /usr/local/bin/symfony

adding the -3 option for --sslv3. Here are all the options for cURL in case you need them: https://curl.haxx.se/docs/manpage.html

Alvin Bunk
  • I used the -3 option but the same problem occurs. The problem only happens when I use the "symfony" binary to add a new project. – jstuardo Jan 07 '17 at 16:11
  • Maybe try wget. – Alvin Bunk Jan 07 '17 at 16:26
  • As I said, that problem also happens when using the "symfony" binary, so I think I need to solve the problem instead of trying to patch it. To use the curl application I used http instead of https and it worked, but this is the tip of the iceberg, so maybe there is some misconfiguration in the OpenSSL library or something like that. – jstuardo Jan 07 '17 at 16:30
  • I have edited the question with a comparison between a server where curl does not work and a server where it does work. – jstuardo Jan 07 '17 at 17:43
  • I am thinking that the https server I am trying to connect to does not support either SSLv2 or SSLv3. I realized this by running this command: openssl s_client -connect symfony.com:443 -ssl3. When I used tls1 instead of ssl3, it connected fine. So, how can I tell my system not to use the SSLv3 protocol? Do you know, or will it be necessary to open another question? – jstuardo Jan 07 '17 at 18:02
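
Added example, not part of the original thread: a diagnostic for the `curl -V` comparison in the question's edit and the `openssl s_client` test in the last comment. It reads which TLS library curl was built against and, for OpenSSL builds, reports the newest protocol that release can negotiate. The function names are hypothetical; the version thresholds (TLS 1.1/1.2 in OpenSSL 1.0.1, TLS 1.3 in 1.1.1) are general OpenSSL facts, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Print "<library> <version>" for the TLS backend on line 1 of `curl -V` (stdin).
tls_backend() {
    awk 'NR == 1 {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(OpenSSL|NSS|GnuTLS)\//) { sub("/", " ", $i); print $i; exit }
    }'
}

# Highest protocol an OpenSSL release can negotiate: TLS 1.1/1.2 arrived in
# OpenSSL 1.0.1 and TLS 1.3 in 1.1.1; older releases stop at TLS 1.0.
openssl_max_tls() {
    printf '%s\n' "$1" | awk -F. '{
        sub(/[a-z].*$/, "", $3)              # 0.9.8b -> fix level 8
        v = $1 * 10000 + $2 * 100 + $3
        if (v >= 10101)      print "TLSv1.3"
        else if (v >= 10001) print "TLSv1.2"
        else                 print "TLSv1.0"
    }'
}

# Summarise `curl -V` output read from stdin.
report() {
    set -- $(tls_backend)
    case $1 in
        OpenSSL) echo "$1 $2: max $(openssl_max_tls "$2")" ;;
        "")      echo "no TLS backend found" ;;
        *)       echo "$1 $2: max unknown (not an OpenSSL build)" ;;
    esac
}

# One handshake per protocol flag, as in the s_client test from the comments.
# Needs network access, so it is defined here but not called.
probe_protocols() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        if openssl s_client -connect "$1:443" "$flag" </dev/null >/dev/null 2>&1
        then echo "$flag accepted"
        else echo "$flag rejected, or flag unknown to the local openssl"
        fi
    done
}

# First lines of the two `curl -V` outputs quoted in the question.
CENTOS5='curl 7.29.0 (i686-redhat-linux-gnu) libcurl/7.29.0 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.4.3'
RHEL6='curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2'
printf '%s\n' "$CENTOS5" | report
printf '%s\n' "$RHEL6" | report
```

On a live system, `curl -V | report` gives the same summary, and `probe_protocols symfony.com` repeats the per-protocol handshake test from the comments.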