Re: curl: (35) Cannot communicate securely with peer:

Aaron Siegel <admin@xxxxxxxxxxxxxxx> · Sat, 18 Oct 2014 11:14:46 -0600

Reindl 

Thank you for your post.

I am sorry for the second post, my transition to evolution is ...

I like to have a better understanding of this problem before I open a
bug report. 

Looking at the report openssl 1.01h has the cipher which support
www.kraxel.org certificate specifically the

	OpenSSL 1.0.1h	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
FS

It appears my cipher, openssl 1.01e, accepts the certificate used by
kraxel, the output of sslscan:
	Accepted	TLS12	256	ECDHE-RSA-AES256-GCM-SHA384 

So why does this not work?  Why would this be a bug if I just need to
upgrade openssl to 1.01h from 1.01e?

Thank for your assistance,

Aaron

On Sat, 2014-10-18 at 18:25 +0200, Reindl Harald wrote:
> Am 18.10.2014 um 18:15 schrieb Aaron Siegel:
> > I am stumped. I am trying to us the kraxel qemu repository, it appears
> > the repository moved to secure server since then I have not been able to
> > configure this properly. https://www.kraxel.org/repos/jenkins/
> > I receive the following error when I try to use the repository
> > curl: (35) Cannot communicate securely with peer: no common encryption
> > algorithm(s)
> 
> "no common encryption algorithm" should be pretty clear:
> 
> a) the server only offers weak ciphers you no longer support
> b) the server only offers modern ciphers you don't support
> 
> in fact b) is the case here and so you should open a bugreport against 
> NSS/Curl and not dig around in manually compile things and ruin your setup
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=kraxel.org
> that server only accepts TLS1.2
> 
> [harry@srv-rhsoft:~]$ sslscan www.kraxel.org:443 | grep Accept
>      Accepted  TLS12  256 bits  ECDHE-RSA-AES256-GCM-SHA384
>      Accepted  TLS12  256 bits  ECDHE-RSA-AES256-SHA384
>      Accepted  TLS12  256 bits  DHE-RSA-AES256-GCM-SHA384
>      Accepted  TLS12  256 bits  DHE-RSA-AES256-SHA256
>      Accepted  TLS12  256 bits  AES256-GCM-SHA384
>      Accepted  TLS12  256 bits  AES256-SHA256
>      Accepted  TLS12  128 bits  ECDHE-RSA-AES128-GCM-SHA256
>      Accepted  TLS12  128 bits  ECDHE-RSA-AES128-SHA256
>      Accepted  TLS12  128 bits  DHE-RSA-AES128-GCM-SHA256
>      Accepted  TLS12  128 bits  DHE-RSA-AES128-SHA256
>      Accepted  TLS12  128 bits  AES128-GCM-SHA256
>      Accepted  TLS12  128 bits  AES128-SHA256
> 
> 
> 

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos