[CentOS] curl: (35) Cannot communicate securely with peer:
Aaron Siegel
admin at siegel-tech.net
Sat Oct 18 17:14:46 UTC 2014
Reindl
Thank you for your post.
I am sorry for the second post, my transition to evolution is ...
I like to have a better understanding of this problem before I open a
bug report.
Looking at the report openssl 1.01h has the cipher which support
www.kraxel.org certificate specifically the
OpenSSL 1.0.1h TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
FS
It appears my cipher, openssl 1.01e, accepts the certificate used by
kraxel, the output of sslscan:
Accepted TLS12 256 ECDHE-RSA-AES256-GCM-SHA384
So why does this not work? Why would this be a bug if I just need to
upgrade openssl to 1.01h from 1.01e?
Thank for your assistance,
Aaron
On Sat, 2014-10-18 at 18:25 +0200, Reindl Harald wrote:
> Am 18.10.2014 um 18:15 schrieb Aaron Siegel:
> > I am stumped. I am trying to us the kraxel qemu repository, it appears
> > the repository moved to secure server since then I have not been able to
> > configure this properly. https://www.kraxel.org/repos/jenkins/
> > I receive the following error when I try to use the repository
> > curl: (35) Cannot communicate securely with peer: no common encryption
> > algorithm(s)
>
> "no common encryption algorithm" should be pretty clear:
>
> a) the server only offers weak ciphers you no longer support
> b) the server only offers modern ciphers you don't support
>
> in fact b) is the case here and so you should open a bugreport against
> NSS/Curl and not dig around in manually compile things and ruin your setup
>
> https://www.ssllabs.com/ssltest/analyze.html?d=kraxel.org
> that server only accepts TLS1.2
>
> [harry at srv-rhsoft:~]$ sslscan www.kraxel.org:443 | grep Accept
> Accepted TLS12 256 bits ECDHE-RSA-AES256-GCM-SHA384
> Accepted TLS12 256 bits ECDHE-RSA-AES256-SHA384
> Accepted TLS12 256 bits DHE-RSA-AES256-GCM-SHA384
> Accepted TLS12 256 bits DHE-RSA-AES256-SHA256
> Accepted TLS12 256 bits AES256-GCM-SHA384
> Accepted TLS12 256 bits AES256-SHA256
> Accepted TLS12 128 bits ECDHE-RSA-AES128-GCM-SHA256
> Accepted TLS12 128 bits ECDHE-RSA-AES128-SHA256
> Accepted TLS12 128 bits DHE-RSA-AES128-GCM-SHA256
> Accepted TLS12 128 bits DHE-RSA-AES128-SHA256
> Accepted TLS12 128 bits AES128-GCM-SHA256
> Accepted TLS12 128 bits AES128-SHA256
>
>
>
More information about the CentOS
mailing list