Bug 1267193 - CURL does not work with some SNI server
Summary: CURL does not work with some SNI server
Keywords:
Status: CLOSED DUPLICATE of bug 1185708
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-29 09:44 UTC by la_antorcha_guia
Modified: 2015-09-29 10:22 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-29 10:22:44 UTC
Type: Bug


Attachments (Terms of Use)

Description la_antorcha_guia 2015-09-29 09:44:31 UTC
Description of problem:
curl https://somedomainincloudflare.com

NSS seems to fail with sni????.cloudflare.com

NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
Cannot communicate securely with peer: no common encryption algorithm(s).

With openssl s_client and servername option works without any problem.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. curl sni server
2. error
3. 

Actual results:
Can not connect to site under ssl SNI

Expected results:
Connect without problems

Additional info:

Comment 1 Kamil Dudka 2015-09-29 09:53:37 UTC
(In reply to dev002 from comment #0)
> Description of problem:
> NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
> Cannot communicate securely with peer: no common encryption algorithm(s).

Please re-read the error message you were given.  It does not seem to be related to SNI at all.  It is more likely a problem with certain cipher-suite not being enabled by nss.  Could you please re-test with nss-3.20.0-1.1.fc22 and confirm whether the problem is fixed?

https://koji.fedoraproject.org/koji/buildinfo?buildID=685768

Comment 2 la_antorcha_guia 2015-09-29 10:18:02 UTC
Yes, works with nss-3.20.0-1.1.fc22 package.

Comment 3 Kamil Dudka 2015-09-29 10:22:44 UTC
Thanks for the confirmation!

*** This bug has been marked as a duplicate of bug 1185708 ***


Note You need to log in before you can comment on or make changes to this bug.