@jcsalterego
Last active December 30, 2015 06:29
sslv2 alert handshake failure
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04 LTS
Release: 12.04
Codename: precise
$ curl --version
curl 7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp smtp smtps telnet tftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
$ curl --verbose https://sitestream.twitter.com/
* About to connect() to sitestream.twitter.com port 443 (#0)
* Trying 199.59.148.137... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
$ openssl s_client -connect sitestream.twitter.com:443
CONNECTED(00000003)
139698172339872:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 174 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
@lfcipriani

I executed this on my remote machine, it worked. Can you check if you are trusting the right certs? Or maybe update your system?

user@host:~#  lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 13.04
Release:    13.04
Codename:   raring

user@host:~# curl --version
curl 7.29.0 (x86_64-pc-linux-gnu) libcurl/7.29.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

user@host:~# curl --verbose https://sitestream.twitter.com/
* About to connect() to sitestream.twitter.com port 443 (#0)
*   Trying 199.16.156.49...
* Connected to sitestream.twitter.com (199.16.156.49) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*    subject: C=US; ST=CA; L=San Francisco; O=Twitter, Inc.; OU=Twitter Security; CN=sitestream.twitter.com
*    start date: 2012-10-23 00:00:00 GMT
*    expire date: 2015-10-28 12:00:00 GMT
*    subjectAltName: sitestream.twitter.com matched
*    issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
*    SSL certificate verify ok.
...

@kenorb

kenorb commented Mar 27, 2015

This was a curl bug. Please upgrade your curl.
See: How to fix curl sslv3 alert handshake failure?