We are trying to connect to a server that has disabled SSLv3 using curl from our machine running Ubuntu 22.04. We are getting a SSLv3 handshake failure error even after forcing curl to only use TLSv1.2:
root@xxxxxxxx:~# curl -v --tlsv1.2 --tls-max 1.2 https://xxxxxxxxxx:xxxx
- Trying xxx.xxx.xxx.xxx:xxxx...
- Connected to xxxxxxxxxx (xxx.xxx.xxx.xxx) port xxxx (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- CAfile: /etc/ssl/certs/ca-certificates.crt
- CApath: /etc/ssl/certs
- TLSv1.0 (OUT), TLS header, Certificate Status (22):
- TLSv1.2 (OUT), TLS handshake, Client hello (1):
- TLSv1.2 (IN), TLS header, Unknown (21):
- TLSv1.2 (IN), TLS alert, handshake failure (552):
- error:0A000410:SSL routines::sslv3 alert handshake failure
- Closing connection 0 curl: (35) error:0A000410:SSL routines::sslv3 alert handshake failure
We have been advised by the server team to disable SSLv3 on our machine. Would appreciate help in how to go about this.
We are able to connect to the server without issues using curl 8.5.0 from a Windows installation.
The curl package is updated to the latest version 7.81.0 as is OpenSSL 3.0.2.