* TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (OUT), TLS handshake, Client hello (1): The output below shows a successful TLS 1.2 TLS handshake and some output from the webserver. blog(35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to Now, let’s tell curl to use TLS protocol version of 1.2 with the parameters -tlsv1.2 -tls-max 1.2 and see if we can successfully access the webserver. * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to * Closing connection 0 * TLSv1.1 (OUT), TLS handshake, Client hello (1): * successfully set certificate verify locations: So in the output, when forcing curl to use TLS version 1.1, the SSL_connect fails since the webserver only permits 1.2+ curl -verbose -tlsv1.1 -tls-max 1.1 The webserver here has a policy that allows only TLS version 1.2+. Using the -verbose parameter gives you the ability to see the TLS handshake and get the output sent to standard out. This code here uses curl with the parameters -tlsv1.1 -tls-max 1.1, which will force the max TLS protocol version to 1.1. Ever need to set your web server a specific protocol version of TLS for web servers and need a quick way to test that out to confirm? Let’s check out how to use curl to go just that.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |