I had a running gitlab on an online server with ssl for several years now. Due to a server problem, the provider restarted the machine. Since then, I cannot connect to my gitlab anymore. Does anybody have an idea, how to solve the problem?
Thanks.
root#git:~# curl -v -H -GET "https://gitlabAdress.com"
Rebuilt URL to: https://gitlabAdress.com/
Trying xxx.xxx.xxx.xxx...
TCP_NODELAY set
Connected to gitlabAdress.com (xxx.xxx.xxx.xxx) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to gitlabAdress.com:443
stopped the pause stream!
Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to gitlabAdress.com:443
Related
I read the lot of blogs about the issue but none of the workaround /solutions worked for me.
I am using the curl command like below
curl -v https://golang.org/dl/?mode=json
* Trying 142.250.80.113:443...
* Connected to golang.org (142.250.80.113) port 443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection 0
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
I changed the setting in gitbash (windows) to use openssl using the below command
git config --global http.sslBackend "openssl"
I am getting the below error after changing openssl
$ curl -v https://golang.org/dl/?mode=json
* Trying 172.253.62.141:443...
* Connected to golang.org (172.253.62.141) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: C:\Users\AL25229
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I have the CA cert/pem file which my organization provides. I am getting all those error messages when I connect with VPN. Connecting VPN is mandatory. By disabling the VPN, it works fine.
When I send the request to https://DOMAIN:443/path it works correctly in every web browser I've tried. But when it comes to curl (and wget) I get an error. I already recompiled openssl and curl (latest versions) with not changes.
curl -vv https://DOMAIN:443/path
Output
* TCP_NODELAY set
* Connected to DOMAIN (IPADDRESS) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to DOMAIN:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to DOMAIN:443
Curl version
curl 7.61.0 (x86_64-pc-linux-gnu) libcurl/7.61.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.4) nghttp2/1.32.1 librtmp/2.3
Release-Date: 2018-07-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
Thanks for your help.
The error I was referring to might happen when the firewall is blocking Curl and wget connections. This theory is supported by these facts:
I received the same error using different operative systems, configurations, IP addresses and the result was the same.
Browser based request were successful.
Using alternatives to curl and wget worked perfectly (I used aria2 and kurly)
So, problem solved for me. I hope this answer can help anyone facing the same problem.
I installed CouchDB on an Ubuntu server on EC2 on AWS.
Then, I got an SSL cert with Let's Encrypt.
I edited the local.ini file to enabled SSL and point to the cert files.
I opened port 6984 on the EC2 instance.
I restarted CouchDB.
But, I still can't access it over SSL : (
Any help would rock!
Here's my curl
$ curl https://example.com:6984 -v
* Trying ip.add.re.ss...
* TCP_NODELAY set
* Connected to example.com (ip.add.re.ss) port 6984 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /path/to/certs/ca-certificates.crt
CApath: /path/to/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to example.com:6984
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to example.com:6984
Some help would rock.
Context:
Server: Debian 8.6
curl 7.38.0-4+deb8u11
libcurl3:amd64 7.38.0-4+deb8u11
openssl 1.0.1t-1+deb8u8
CASE 1 (KO)
When I try to connect to a website that DOES NOT SUPPORT Secure renegotiation using curl by command line I am always getting this error:
Unknown SSL protocol error in connection to xxxxx
This the complete output of the command:
curl -v --tlsv1.2 xxxxxxxxx
Rebuilt URL to: xxxxxxxxxx
Hostname was NOT found in DNS cache
Trying XXXXXXX...
Connected to xxxxxxxxxxxx (x.x.x.x) port 443 (#0)
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
SSLv3, TLS handshake, Client hello (1):
Unknown SSL protocol error in connection to xxxxxxxxxx:443
Closing connection 0
curl: (35) Unknown SSL protocol error in connection to xxxxxx:443
Additional info: the remote website does not support secure renegotiation (I checked with openssl s_client -connect domainname:443).
It looks like curl always tries to perform the SSL handshake using SSLv3 and the server immediately refuse connection not performing any renegotiation.
CASE 2 (OK)
When I try to connect to a website that DOES SUPPORT Secure renegotiation using curl by command line I am able to connect.
This the complete output of the command:
root#web1:~# curl -v --tlsv1.2 XXXXXXX
Rebuilt URL to: XXXXXX
Hostname was NOT found in DNS cache
Trying XXXXXXX...
Connected to XXXXXXXX (XXXXXXX) port 443 (#0)
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.2 / AES256-GCM-SHA384
Additional info: the remote website supports secure renegotiation(I checked with openssl s_client -connect domainname:443).
It looks like curl always tries to perform the SSL handshake using SSLv3, then the server performs a renegotiation and curl accepts the new ssl protocol version (tlsv1.2).
The root cause looks like curl is ignoring the option --tlsv1.2 or am I wrong?
I already updated packages to latest version (Debian 9 is not an option).
Any suggests?
Thank you
I'm playing around with installing ubuntu server on VirtualBox and learning my way around linux. At one point I got the VM working and able to run curl, wget, apt-get and install docker through my company's proxy. I decided to rebuild it and now I've hit a strange issue. wget works with https but curl does not.
Curl is coming back with the following error for all https sites:
curl -v https://<url>
trying <IPAddress>...
connected to <proxyserver> port <port> (#0)
ALPN, offering http/1.1
cipher selection: ALL:!EXPORT:!EXPORT40:EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
successfully set certificate verify locations:
CAfile: /etc/ssls/certs/ca_certificate.crt
CApath: /etc/ssls/certs
TLSv1.2 (OUT), TLS header, Certificate Status (22):
TLSv1.2 (OUT), TLS handshake, client hello (1):
error: 140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Any idea what the issue is?
Found the issue is specific to Ubuntu Server 17.10.1. Have installed Ubuntu server 16.04.4 LTS.