------=_Part_5683_9530070.1193202122669
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

That's TLSv1, not SSLv2.

0000: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 ....c......9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..............
0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .........3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A.......
0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................
0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff ................
0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y........

On 10/23/07, Jake Goulding wrote:
>
> Hey all:
>
> We use curl to retrieve webpages, and recently started receiving an
> intermittent (40-60% of the time) error when retrieving a page from the
> CIA. About two weeks ago, they switched to running https only, with the
> http URLs being forwarded to the https equivalents.
>
> The error we receive is:
>
> $ curl 'https://www.cia.gov/about-cia/faqs/'
> curl: (35) Unknown SSL protocol error in connection to www.cia.gov:443
>
> Using the --trace option, I see this:
>
> == Info: About to connect() to www.cia.gov port 443 (#0)
> == Info: Trying 198.81.129.100... == Info: connected
> == Info: Connected to www.cia.gov (198.81.129.100) port 443 (#0)
> == Info: successfully set certificate verify locations:
> == Info: CAfile: /etc/ssl/certs/ca-certificates.crt
> CApath: none
> == Info: SSLv2, Client hello (1):
> => Send SSL data, 124 bytes (0x7c)
> 0000: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 ....c......9..8.
> 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..............
> 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .........3..2../
> 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A.......
> 0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................
> 0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
> 0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff ................
> 0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89 t..Y........
> == Info: Unknown SSL protocol error in connection to www.cia.gov:443
> == Info: Closing connection #0
>
> Unfortunately, I don't grok SSL hex :-) .
>
> I have tried this and received the same error with the following versions:
> curl-7.12.1-8.rhel4 / openssl-0.9.7a-43.14
> curl-7.12.1-11.el4 / openssl-0.9.7a-43.16
> curl-7.16.1 / openssl-0.9.8e
> curl-7.17.0 / openssl-0.9.8f
>
> Firefox does not seem to have any issues with this page.
>
> I asked the curl mailing list about this error, and got the following
> response:
>
> > This is apparently has nothing to do with curl. I got the same
> > intermittent errors with lynx, w3m, wget, you name it. I am using
> > OpenSSL 0.9.8g 19 Oct 2007.

>
> Any help would be greatly appreciated. Please let me know if I can
> provide more information.
>
> Thanks!
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>


------=_Part_5683_9530070.1193202122669
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

That's TLSv1, not SSLv2.

0000: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 ....c......9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..............

0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .........3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A.......
0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................

0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff ................
0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89             t..Y........


On 10/23/07, Jake Goulding <goulding@vivisimo.com> wrote:

Hey all:

We use curl to retrieve webpages, and recently started receiving an
intermittent (40-60% of the time) error when retrieving a page from the
CIA. About two weeks ago, they switched to running https only, with the

http URLs being forwarded to the https equivalents.

The error we receive is:

$ curl 'https://www.cia.gov/about-cia/faqs/'
curl: (35) Unknown SSL protocol error in connection to
www.cia.gov:443

Using the --trace option, I see this:

== Info: About to connect() to www.cia.gov port 443 (#0)
== Info:   Trying 198.81.129.100..
.. == Info: connected
== Info: Connected to www.cia.gov (198.81.129.100) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info:   CAfile: /etc/ssl/certs/ca-
certificates.crt
  CApath: none
== Info: SSLv2, Client hello (1):
=> Send SSL data, 124 bytes (0x7c)
0000: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 ....c......9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..............

0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .........3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D..A.......
0040: 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 ................

0050: 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 ......@.........
0060: 00 00 06 04 00 80 00 00 03 02 00 80 c9 f7 89 ff ................
0070: 74 f1 92 59 c8 a0 f1 ba ab c0 dd 89             t..Y........

== Info: Unknown SSL protocol error in connection to www.cia.gov:443
== Info: Closing connection #0

Unfortunately, I don't grok SSL hex  :-) .

I have tried this and received the same error with the following versions:

curl-7.12.1-8.rhel4 / openssl-0.9.7a-43.14
curl-7.12.1-11.el4 / openssl-0.9.7a-43.16
curl-7.16.1 / openssl-0.9.8e
curl-7.17.0 / openssl-0.9.8f

Firefox does not seem to have any issues with this page.


I asked the curl mailing list about this error, and got the following
response:

> This is apparently has nothing to do with curl. I got the same
> intermittent errors with lynx, w3m, wget, you name it. I am using

> OpenSSL 0.9.8g 19 Oct 2007.

Any help would be greatly appreciated. Please let me know if I can
provide more information.

Thanks!
__________________________________________________ ____________________

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    penssl-users@openssl.org">openssl-users@openssl.org

Automated List Manager                           majordomo@openssl.org



------=_Part_5683_9530070.1193202122669--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org