curl returns "ssl_choose_client_version:unsupported protocol" error in Ubuntu 20.x

By -
If you encountered "ssl_choose_client_version:unsupported protocol" when using curl in Ubuntu 20:

    $ curl https://somehost/
 
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol


It may because the "somehost" only accepts old protocol (e.g. TLS v1, etc.), but in Ubuntu 20.x, the OpenSSL assumes minimum = TLS v1.2 by default. 

If the "somehost" just cannot upgrade to TLS v1.2, you might consider fixing it with the following:

1) Modify /etc/ssl/openssl.cnf

Search for the line "oid_section = new_oids"

Add the following lines below it:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.1
CipherString = DEFAULT@SECLEVEL=1

2) curl "somehost" with the following parameters

$ curl --tlsv1 https://somehost

3) If the "somehost" just using a self-signed certificate

    $ curl -k --tlsv1 https://somehost

Reference:



Comments

Post a Comment

Popular posts from this blog

Java encoding : UTF-8, Big5, x-MS950-HKSCS

By -
Suppose you got a file in Big5 containing some HKSCS characters (e.g. 深水埗, 赤鱲角, etc). When your environment (Ref: Charset.defaultCharset( ) ) is either UTF-8 / Big5, you will never get the things work. The proper encoding should be "x-MS950-HKSCS" This situation happens when I'm try the same pieces of code in Java console / Eclipse console and JSP @ Tomcat. While JSP works fine, but sucks in console mode. Finally I found the JSP is actually using encoding "x-MS950-HKSCS". To set environment charset in Eclipse: Right click on the file that you are going to execute (e.g. Testing.java), then "Properties" → "Run/Debug Settings" → "Common" → "Encoding". Type "x-MS950-HKSCS" in the field. What a pity!
Read more