Re: [CentOS] curl: (35) Cannot communicate securely with peer: - Discuss

18 Oct 2014


      Reindl
Thank you for your post.
I am sorry for the second post, my transition to evolution is ...
I like to have a better understanding of this problem before I open a
bug report.
Looking at the report openssl 1.01h has the cipher which support
www.kraxel.org certificate specifically the
OpenSSL 1.0.1h	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
FS
It appears my cipher, openssl 1.01e, accepts the certificate used by
kraxel, the output of sslscan:
    Accepted	TLS12	256	ECDHE-RSA-AES256-GCM-SHA384
So why does this not work?  Why would this be a bug if I just need to
upgrade openssl to 1.01h from 1.01e?
Thank for your assistance,
Aaron
On Sat, 2014-10-18 at 18:25 +0200, Reindl Harald wrote:
...
Am 18.10.2014 um 18:15 schrieb Aaron Siegel:
...
I am stumped. I am trying to us the kraxel qemu repository, it appears
the repository moved to secure server since then I have not been able to
configure this properly. https://www.kraxel.org/repos/jenkins/
I receive the following error when I try to use the repository
curl: (35) Cannot communicate securely with peer: no common encryption
algorithm(s)
"no common encryption algorithm" should be pretty clear:
a) the server only offers weak ciphers you no longer support
b) the server only offers modern ciphers you don't support
in fact b) is the case here and so you should open a bugreport against 
NSS/Curl and not dig around in manually compile things and ruin your setup
https://www.ssllabs.com/ssltest/analyze.html?d=kraxel.org
that server only accepts TLS1.2
[harry@srv-rhsoft:~]$ sslscan www.kraxel.org:443 | grep Accept
     Accepted  TLS12  256 bits  ECDHE-RSA-AES256-GCM-SHA384
     Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA384
     Accepted  TLS12  256 bits  DHE-RSA-AES256-GCM-SHA384
     Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
     Accepted  TLS12  256 bits  AES256-GCM-SHA384
     Accepted  TLS12  256 bits  AES256-SHA256
     Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
     Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
     Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
     Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
     Accepted  TLS12  128 bits  AES128-GCM-SHA256
     Accepted  TLS12  128 bits  AES128-SHA256