Question

15

When I try to CURL a website I get SSL error

rated 0 times [ 15] [ 0] / answers: 1 / hits: 28519 / 2 Years ago, sun, march 20, 2022, 12:37:47

I installed Ubuntu 20 on my VPS. This is why I'm trying to do:

curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice

[1] 438975

root@vps:/var/www/html/tportal# *   Trying 195.29.166.100:443...

* TCP_NODELAY set

* Connected to imenik.tportal.hr (195.29.166.100) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

*   CAfile: /etc/ssl/certs/ca-certificates.crt

  CApath: /etc/ssl/certs

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

* TLSv1.3 (IN), TLS handshake, Server hello (2):

* TLSv1.3 (OUT), TLS alert, protocol version (582):

* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

* Closing connection 0

curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

But when I try like this, it kinda works

curl -v http://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice

[1] 438977

root@vps:/var/www/html/tportal# *   Trying 195.29.166.100:80...

* TCP_NODELAY set

* Connected to imenik.tportal.hr (195.29.166.100) port 80 (#0)

> GET /show?action=pretraga HTTP/1.1

> Host: imenik.tportal.hr

> User-Agent: curl/7.68.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 301 Moved Permanently

< Date: Tue, 16 Jun 2020 07:44:32 GMT

< Server: Apache/2.2.3 (CentOS)

< Location: https://imenik.tportal.hr/show?action=pretraga

< Content-Length: 336

< Connection: close

< Content-Type: text/html; charset=iso-8859-1

<

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>301 Moved Permanently</title>

</head><body>

<h1>Moved Permanently</h1>

<p>The document has moved <a href="https://imenik.tportal.hr/show?action=pretraga">here</a>.</p>

<hr>

<address>Apache/2.2.3 (CentOS) Server at imenik.tportal.hr Port 80</address>

</body></html>

* Closing connection 0

I can't find a solution to this SSL problem

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

ticeate

Add To Favorites

Follow

Total Points: 497

Total Questions: 128

Total Answers: 112

Location: Samoa

Member since Fri, Nov 27, 2020

4 Years ago

ticeate questions

1 How to set ssh keys in cloud-init?

Sat, May 28, 22, 13:09, 2 Years ago

1 Switching keyboard layout intercepts window focus & collapses fullscreen windows in Ubuntu 22.04

Sat, Sep 4, 21, 21:10, 3 Years ago

1 Understanding memory usage in Ubuntu - after upgrading to Ubuntu 21.10 from 20.04 my memory usage increased dramatically

Thu, Aug 5, 21, 09:55, 3 Years ago

1 How do I create an empty file (0 byte size) in all the directories?

Wed, Nov 9, 22, 22:20, 2 Years ago

1 Installing libgdal-dev on Ubuntu 20.04

Thu, Jan 20, 22, 05:32, 2 Years ago

View All

answered 2 Years ago mouedi · Accepted Answer

The Website uses the old TLS protocol version 1.0, which has been disabled by default since Ubuntu 20.04.

To temporarily override the default for your curl command, you can create a config file somewhere (e.g. ~/.openssl_allow_tls1.0.cnf with following content:

openssl_conf = openssl_init



[openssl_init]

ssl_conf = ssl_sect



[ssl_sect]

system_default = system_default_sect



[system_default_sect]

CipherString = DEFAULT@SECLEVEL=1

Then run your command like this:

OPENSSL_CONF=~/.openssl_allow_tls1.0.cnf curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice

(this will only set OPENSSL_CONF for that single command)

or

export OPENSSL_CONF=~/.openssl_allow_tls1.0.cnf

curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice

(this will only set OPENSSL_CONF for the current session or script)

You could also set it globally in /etc/ssl/openssl.cnf, but it has been disabled for good reasons and I would only override that when necessary.

(via)