Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


SSL error on newer curl + openssl versions, works on older versions

Can anyone help me figure out what's going on with this connection? The server is, I believe, running Tomcat and it is a self-generated CA; however, I don't have much other information to give.

OpenSSL 1.1.1g

openssl s_client -connect servername:443 -CAfile /path/to/cafile -tls1_2

CONNECTED
SSL handshake has read 7 bytes and written 229 bytes
Verification: OK

New (NONE), Cipher is (NONE)
Secure renegotiation is NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session: TLSv1.2
Cipher: 0000
Session-ID:
Session-ID-Ctx:
Master-key:
PSK Identity: None
SRP username: None
Verify return code: 0 (ok)
Extended master secret: No

ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70

But with OpenSSL 1.1.0g

openssl s_client -connect servername:443 -CAfile /path/to/cafile -tls1_2
depth=1, C=GB, <other redacted for privacy>
verify return: 1
CONNECTED
Certificate chain:
0 s:/C=GB...
  i:/C=GB...
Server certificate
-------BEGIN CERTIFICATE------
..etc.

Ditto with curl: with the older version of OpenSSL the HTTPS request succeeds and I get the expected 200 response, but with the newer version I get ssl3_read_bytes:invalid alert

Both use the same command: curl --tlsv1.2 --cacert ... --trace - https://servername/...

If I take off the --tlsv1.2, on newer curl I get ssl3_get_record:wrong version number, and on older curl/OpenSSL it succeeds (but still reports TLSv1.2 OUT/IN)

question from:https://stackoverflow.com/questions/66066988/ssl-error-on-newer-curl-openssl-versions-works-on-older-versions
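
The failing s_client run in the question reads exactly 7 bytes and reports alert number 70; 7 bytes matches the size of one plaintext TLS alert record (5-byte record header plus 2-byte alert), and 70 is protocol_version in RFC 5246. The Python parser below is an added example, not part of the original question: it decodes such a record, and the sample bytes (including the record version in them) are constructed, not captured from the server.

```python
import struct

# Names from RFC 5246 section 7.2 (subset relevant to handshake failures).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    40: "handshake_failure",
    47: "illegal_parameter",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
    86: "inappropriate_fallback",
}
RECORD_VERSIONS = {
    (3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2",
}
CONTENT_ALERT = 21  # TLS record content type for alerts


def parse_alert_record(data: bytes) -> dict:
    """Decode one plaintext TLS alert record: 5-byte header + 2-byte body."""
    if len(data) < 5:
        raise ValueError("short read: no complete TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3:
        # The bytes are not TLS record framing at all.
        raise ValueError(f"not a TLS record: version bytes {major}.{minor}")
    if ctype != CONTENT_ALERT:
        raise ValueError(f"not an alert record: content type {ctype}")
    body = data[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("malformed or truncated alert body")
    level, desc = body
    return {
        "record_version": RECORD_VERSIONS.get((major, minor), f"{major}.{minor}"),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
        "bytes_consumed": 5 + length,
    }


# Constructed sample: alert record, record version 3.1, length 2,
# level fatal (2), description protocol_version (70 = 0x46).
SAMPLE = bytes.fromhex("15" "0301" "0002" "02" "46")

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE))
```

The record_version field in a real capture shows which version the server stamped on its alert, which is worth comparing against the -tls1_2 requested by the client.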


1 Reply

Waiting for answers
