I'm running on Windows. If I call this from command line:
curl https://dev.azure.com
It returns error:
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
This is important because sometimes I use curl to download files from Azure devops.
This was fixed by downloading IISCryptoCLI.exe from https://www.nartac.com/Products/IISCrypto and running:
IISCryptoCli.exe /template pci32 /reboot
(IISCryptoCli.exe /template best /reboot works too, but I wanted to disable TLS 1.0 and 1.1 by using pci32 instead.)
Related
When I try to execute this curl command :
curl -v --key some_key_file.key --cert certificate_file.pem --show-error --header "Content-Type: application/json;charset=UTF-8" https://some-api/service
I get the following error : curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
And the full execution log :
I have searched this error online and haven't found anyone explaining what it really meant.
Do you have any idea what the source cause could be ?
And do you know if there is a way to get more information about the error ?
Turns out the problem was with my curl version which, for some reason didn't accept the arguments --cert and --key.
To solve the problem, I installed a completely new curl version and ran it from the instllation folder and it worked.
Run the command from the path where you have curl package.
if you place in c:\curl goto this path and run the curl command it will work.
I also try installing latest curl (given below) but it didn't solve my issue.
curl 7.77.0 (x86_64-pc-win32) libcurl/7.77.0 OpenSSL/1.1.1k (Schannel)
zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 libidn2/2.3.1 libssh2/1.9.0
nghttp2/1.43.0 libgsasl/1.10.0 Release-Date: 2021-05-26 Protocols:
dict file ftp ftps gopher gophers http https imap imaps ldap ldaps
mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTPS-proxy IDN
IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP
Unicode UnixSockets zstd
This error happens when you are behind a 7 layer firewall (i.e Palo Alto) that Allow SSL connections only via application, so you have to configure 2 rules in such solution.
Allow 443 or whatever port with higher priority
Allow Application SSL with lower priority
I am using kafka version 2.12-2.2.1 in windows operating system. I have implemented tls on my local windows systems using the process of signed certificates.
The kafka is running fine and there is one command to check if certificates are installed on kafka.
openssl s_client -debug -connect localhost:9093 -tls1
But when I try to connect to localhost:9093 and using producer or consumer it is throwing me an error saying :
connection to node -1 failed due to authentication
I have tried everything, I am stuck even the documentation provided is not giving any hints to solve this error.
Note: One more addition how can I see the list of topics and describe the topic if exits using ssl in kafka because that command is also not working.
Along with that I have tried every answer on SO but still no success.
The documentation I have followed Installing ssl on kafka
I've been playing around with Curl, trying to do what should be a simple POST of a file to a web service for a couple of days and not getting anywhere.
The target POST service is unauthenticated HTTPS. When trying to run my POST request via Curl or via Informatica, I am getting an SSL handshake failure with both methods.
For example:
curl -X POST -F 'file=#filename.dat' https://url
I have been able to get this to work using Postman, so I know the service works. According to network security, SSL is disabled in this environment. Am I out of luck, or is there a way to get this to work without SSL?
Specific error encountered:
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
By default, a client establishing a HTTPS URL connection will check the validity of a SSL certificate - otherwise, what's the point of using SSL?
In your case, you are saying "Pretend to use HTTPS but actually, ignore the certificate", because it's invalid, or you are still getting one, or you are in the development phase (I hope the latter is true, and get or create a valid sever certificate when needed).
But curl doesn't know that. It is assuming you are asking it to establish a connection with an HTTPS endpoint - thus it will try to validate the certificate - which, in your case, may be the source of the failure.
Try curl -k -X POST -F 'file=#filename.dat' https://url
From the manpage:
-k, --insecure
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.
The server connection is verified by making sure the server's certificate contains the right name and verifies successfully using the cert store.
See this online resource for further details:
https://curl.haxx.se/docs/sslcerts.html
See also --proxy-insecure and --cacert.
While installing Composer to XAMPP, I got some errors. My system OS was Windows 7, how can I solve this and install Composer?
Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
file_get_contents(): Failed to enable crypto
file_get_contents(https://getcomposer.org/composer.phar.sig): failed to open stream: operation failed
Download failed: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
file_get_contents(): Failed to enable crypto
file_get_contents(https://getcomposer.org/composer.phar.sig): failed to open stream: operation failed
Make sure you configured the path to the ca certificates in php.ini:
curl.cainfo=/full/path/to/ssl/certs/ca-bundle.crt
openssl.cafile=/full/path/to/ssl/certs/ca-bundle.crt
In case you don't have a ca certificate bundle download it:
https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
To install Composer (without using cURL):
php -r "readfile('https://getcomposer.org/installer');" | php
Or, to install Composer (with cURL):
curl -sS https://getcomposer.org/installer | php
(If that doesn't work out, simple download the Composer PHAR via your browser.
https://getcomposer.org/composer.phar
But, you will run into the issue again, when fetching packages, until you fix the certificate issue.)
That's exactly the same issue I'm facing. While installing the Composer Installer on my Windows 7 machine I'm getting the below error:
The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to enable crypto
failed to open stream: operation failed
Tried this:
$ curl -sS https://getcomposer.org/installer | php
stdin is not a tty
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
And this:
$ ping getcomposer.org
Pinging getcomposer.org [87.98.253.108] with 32 bytes of data:
Reply from 87.98.253.108: bytes=32 time=137ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Reply from 87.98.253.108: bytes=32 time=127ms TTL=47
Ping statistics for 87.98.253.108:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 137ms, Average = 129ms
My PHP version is:
$ php -v
PHP 5.5.37 (cli) (built: Jun 22 2016 16:14:46)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
I've enabled the following list in my php.ini:
extension=php_curl.dll
extension=php_openssl.dll
curl.cainfo="C:/xampp/php/extras/certs/cacert.pem"
openssl.cafile="C:/xampp/php/extras/certs/cacert.pem"
Where I've downloaded the cacert.pem from https://curl.haxx.se/ca/cacert.pem
I was missing to add the proxy settings while installation, when added it worked like charm! :)
http://username:password#your_proxy:your_port
I was having the same issue while changing php version on my Windows. Hope this could help someone.
php.ini didn't have right extensions and I just had to uncomment:
extension_dir = "ext"
extension=openssl
Check the php.ini of your php for me Im using ampps on mac and just changed it to:
curl.cainfo =/Applications/AMPPS/ca-bundle.crt
openssl.cafile =/Applications/AMPPS/ca-bundle.crt
After Updating php.ini, you need to restart your apache
You may download the ca-bundle.cer here https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and rename as ca-bundle.crt.
check attached for your reference before and after updating php.ini
Is it possible to test a web service that is using a self-signed certificate with Apache Bench? By default, it will fail with SSL read failed - closing connection. I'm unable to find anyway to have it ignore SSL failures.
$ ab -n 1 -c 1 https://localhost:8080
Benchmarking localhost (be patient)...SSL read failed - closing connection
..done
Additionally, if this is not possible then does anyone know of an alternative tool which allows for this?