openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

ssl openssl tls

Solution 1:

This looks like a problem with ECDH support between client and server. If you exclude all ECDH ciphers it works:

openssl s_client -connect ms.icometrix.com:443 -cipher 'DEFAULT:!ECDH'

My guess is that the server croaks on some of the 25 ECC curves offered by the client. Browsers only offer few curves. OpenSSL 0.9.8 does not support any ECC yet and RedHat/CentOS has a history of disabling ECC by default for patent reasons. I don't know why OpenSSL 1.0.2 works since I don't have access to this version.

Please note that giving the OpenSSL version is usually not enough because all the distributions keep older versions but add security patches. Instead check with dpkg -l openssl which gives 1.0.1f-1ubuntu2.15 on my system.

Related

How can I switch between Nouveau and INTEL video driver?
Is it OK to delete the /boot/initrd.img file on a running system
Is there a way to transition from Linux Mint with Mate desktop to Ubuntu MATE without re-install?
Latest security updates with debootstrap?
What is the "Alternative Characters Key"?
Arc Theme on Ubuntu 16.04 looks weird
Ubuntu 16.04 Failed to created shared shared memory file: Permission denied?
Ubuntu 16.04 Brightness & Lock - Screen does not turn off
Ubuntu crashes when setting maximum resolution on external 4K monitor
How to enable icons on GNOME 3 desktop on Wayland?
Hide terminal password as typing
Unity - Reduce RAM usage