Saturday 15 September 2012

ubuntu - curl: Unknown SSL protocol error in connection -

I'm trying to connect from one server (A) in AWS to another server (B) in AWS running Tomcat 7 + SSL.

Server A:

Ubuntu 14.04, OpenSSL 1.0.1f

Server B:

Ubuntu 13.04, Tomcat 7, OpenSSL 1.0.1c, SSL certificate

I'm trying the following command on server A:

curl https://server.b -v

and get the following exception:

* Connection #0 to host test.salespredict.com left intact
yakirm@ip-10-214-10-178:~$ curl https://server.b.com -v
* Rebuilt URL to: https://server.b.com/
* Hostname was NOT found in DNS cache
*   Trying 54.245.81.*...
* Connected to server.b.com (54.245.81.*) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to server.b.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to server.b.com:443

I tried to check with openssl:

openssl s_client -connect server.b.address:443

and got the following result:

CONNECTED(00000003)
140284858304160:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

If I try to connect from my own computer (OS X Mavericks), curl succeeds and the openssl command returns the same.

BTW

If I try:

curl https://server.b -v --sslv3

it works from server A, but I don't want to specify the SSL protocol.

Edit

Server B - Tomcat configuration:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="true" maxThreads="200" port="443" keystoreFile="/var/lib/tomcat7/conf/path/path_keystore" keystorePass="******" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" />

The main difference between setting --sslv3 and not setting it is that the client does not announce support for versions higher than SSL 3.0 in the initial ClientHello message. Client and server agree on a version supported by both sides, so the client announces the best SSL version it supports.

It looks like in your case you are confronted with a situation where the server (or a middlebox) is not only unable to speak newer TLS versions but is also unable to deal with SSL 3.0 properly, because it croaks if the client announces support for newer versions. Since the server software is not that old, you have either an unusual server setup or a middlebox (i.e. load balancer, firewall...) that is unable to deal with proper TLS.

More information might be possible if you post more details about the server. You might check the server against SSLLabs.

Edit: it looks like the server supports TLS1.* but disconnects when the client offers the ECDHE-RSA-AES256-SHA cipher. Using openssl s_client -cipher 'ALL:!ECDHE-RSA-AES256-SHA' works, as does curl --ciphers 'ALL:!ECDHE-RSA-AES256-SHA'. I assume the problem is on the server side - maybe you have configured ciphers which are in reality not supported by the SSL implementation in Tomcat (which is not OpenSSL, because Java has its own implementation), and Java croaks when it tries to use them.
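To make the version-negotiation point concrete, here is an added Python example (not from the question or the answer) that builds a minimal TLS ClientHello with a chosen highest version and cipher list and parses it back. It shows the two things the discussion turns on: the version field in the ClientHello body, which curl --sslv3 pins to 3.0 instead of the client's best version, and the list of offered cipher suites, which is where a suite such as ECDHE-RSA-AES256-SHA would appear. The cipher-suite table is a constructed subset and no extensions are included; nothing here talks to a network.

```python
"""Build and decode a minimal TLS ClientHello (added example, constructed values)."""
import os
import struct

# Protocol versions as (major, minor) on the wire.
VERSIONS = {"SSLv3": (3, 0), "TLS1.0": (3, 1), "TLS1.1": (3, 2), "TLS1.2": (3, 3)}
VERSION_NAMES = {v: k for k, v in VERSIONS.items()}

# Small constructed subset of IANA cipher-suite code points (OpenSSL names).
SUITES = {
    "ECDHE-RSA-AES256-SHA": 0xC014,  # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    "AES128-SHA": 0x002F,            # TLS_RSA_WITH_AES_128_CBC_SHA
    "AES256-SHA": 0x0035,            # TLS_RSA_WITH_AES_256_CBC_SHA
    "DES-CBC3-SHA": 0x000A,          # TLS_RSA_WITH_3DES_EDE_CBC_SHA
}
SUITE_NAMES = {v: k for k, v in SUITES.items()}


def build_client_hello(max_version, cipher_names, random_bytes=None):
    """Return a TLS record carrying a ClientHello.

    max_version is the highest version the client is willing to speak; it is
    written into the ClientHello body, which is the field that --sslv3 pins to 3.0.
    """
    major, minor = VERSIONS[max_version]
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    suites = b"".join(struct.pack("!H", SUITES[n]) for n in cipher_names)
    body = (
        bytes([major, minor])                       # client_version
        + rnd                                       # 32-byte random
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", len(suites)) + suites   # cipher_suites
        + b"\x01\x00"                               # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) + 3-byte length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 22 (handshake), record version, 2-byte length.
    record_version = bytes([3, 0 if max_version == "SSLv3" else 1])
    return b"\x16" + record_version + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Decode a record and return (record_version, hello_version, [cipher names])."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_ver = VERSION_NAMES[(record[1], record[2])]
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    hello_ver = VERSION_NAMES[(body[0], body[1])]
    pos = 2 + 32                                   # skip version and random
    sid_len = body[pos]
    pos += 1 + sid_len                             # skip session id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    codes = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    names = [SUITE_NAMES.get(c, "0x%04X" % c) for c in codes]
    return rec_ver, hello_ver, names


if __name__ == "__main__":
    normal = build_client_hello("TLS1.2", ["ECDHE-RSA-AES256-SHA", "AES128-SHA"])
    pinned = build_client_hello("SSLv3", ["AES128-SHA"])
    print("default :", parse_client_hello(normal))   # hello version TLS1.2, ECDHE suite offered
    print("--sslv3 :", parse_client_hello(pinned))   # hello version SSLv3
```

Capturing the real ClientHello with and without --sslv3 (for example from a packet capture of the curl run) and feeding it to parse_client_hello shows the same two fields, plus any extensions the real client adds after the compression methods, which this minimal parser ignores.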
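The edit above narrows the failure down by changing one client parameter at a time (the protocol ceiling, then the cipher list). Here is an added Python example of the same bisection using the standard ssl module; it is not code from the question or the answer. The cipher strings use the same OpenSSL syntax as curl --ciphers and s_client -cipher, the host name is a placeholder, and which probes succeed or fail is determined only by running them against the server in question.

```python
"""Narrow down a failing TLS handshake one client parameter at a time (added example)."""
import socket
import ssl

SUSPECT = "ECDHE-RSA-AES256-SHA"   # the suite the answer above says makes the server disconnect


def make_context(cipher_string="ALL", max_version=None):
    """Client context with the given OpenSSL cipher string and an optional TLS ceiling.

    Certificate verification stays enabled: the failures in the question happen
    before any certificate is received, so verification cannot be what masks them.
    """
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)      # same syntax as curl --ciphers / s_client -cipher
    if max_version is not None:
        ctx.maximum_version = max_version
    return ctx


def offered_ciphers(ctx):
    """Names of the cipher suites this context would offer in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]


def probe_plan():
    """The hypotheses from the answer as (label, context) pairs, in the order to try them."""
    return [
        ("TLS <= 1.2, all ciphers", make_context("ALL", ssl.TLSVersion.TLSv1_2)),
        ("TLS <= 1.2, all ciphers except " + SUSPECT,
         make_context("ALL:!" + SUSPECT, ssl.TLSVersion.TLSv1_2)),
        ("default ciphers, no version cap", make_context()),
    ]


def classify(host, ctx, port=443, timeout=5.0):
    """Connect once and report the outcome as a short tag comparable across probes."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok:%s:%s" % (tls.version(), tls.cipher()[0])
    except ssl.SSLError as exc:          # alert or protocol error during the handshake
        return "handshake-failed:%s" % (exc.reason or exc.__class__.__name__)
    except OSError as exc:               # reset, timeout, refused: peer dropped us silently
        return "connection-dropped:%s" % exc.__class__.__name__


def run_probes(host):
    """Return {label: outcome}; the first label that flips to 'ok' names the offending parameter."""
    return {label: classify(host, ctx) for label, ctx in probe_plan()}


if __name__ == "__main__":
    for label, outcome in run_probes("server.b.example").items():   # placeholder host
        print("%-45s %s" % (label, outcome))
```

A "connection-dropped" result on the all-ciphers probe next to an "ok" on the probe that excludes the suspect suite is the pattern the answer describes; a "handshake-failed" with an alert reason instead points at the server rejecting the offer explicitly rather than crashing on it.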

ubuntu ssl curl openssl
