Bug 1267193 - CURL does not work with some SNI server
CURL does not work with some SNI server
Status: CLOSED DUPLICATE of bug 1185708
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-29 05:44 EDT by dev002
Modified: 2015-09-29 06:22 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-29 06:22:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description dev002 2015-09-29 05:44:31 EDT
Description of problem:
curl https://somedomainincloudflare.com

NSS seems to fail with sni????.cloudflare.com

NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
Cannot communicate securely with peer: no common encryption algorithm(s).

With openssl s_client and servername option works without any problem.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. curl sni server
2. error
3. 

Actual results:
Can not connect to site under ssl SNI

Expected results:
Connect without problems

Additional info:
Comment 1 Kamil Dudka 2015-09-29 05:53:37 EDT
(In reply to dev002 from comment #0)
> Description of problem:
> NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
> Cannot communicate securely with peer: no common encryption algorithm(s).

Please re-read the error message you were given.  It does not seem to be related to SNI at all.  It is more likely a problem with certain cipher-suite not being enabled by nss.  Could you please re-test with nss-3.20.0-1.1.fc22 and confirm whether the problem is fixed?

https://koji.fedoraproject.org/koji/buildinfo?buildID=685768
Comment 2 dev002 2015-09-29 06:18:02 EDT
Yes, works with nss-3.20.0-1.1.fc22 package.
Comment 3 Kamil Dudka 2015-09-29 06:22:44 EDT
Thanks for the confirmation!

*** This bug has been marked as a duplicate of bug 1185708 ***

Note You need to log in before you can comment on or make changes to this bug.