Issues establising SSL connection after a wget command
matt at openssl.org
Tue Jun 18 09:48:14 UTC 2019
On 17/06/2019 21:29, Eric Ntonfo wrote:
> I am running an Ubuntu 12.04 TLS server and can't use wget to download software
> The command
> wget http://curl.haxx.se/download/curl-7.63.0.tar.bz2
> fails with the following error
> --2019-06-17 22:10:11-- http://curl.haxx.se/download/curl-7.63.0.tar.bz2
> Resolving curl.haxx.se (curl.haxx.se)... 2a04:4e42:9::561, 22.214.171.124
> Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:80... connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location: https://curl.haxx.se/download/curl-7.63.0.tar.bz2 [following]
> --2019-06-17 22:10:11-- https://curl.haxx.se/download/curl-7.63.0.tar.bz2
> Connecting to curl.haxx.se (curl.haxx.se)|2a04:4e42:9::561|:443... connected.
> *OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
> protocol version*
> Unable to establish SSL connection.
You get this error when the client is offering a version of TLS that is too low
for the server. I just did some tests and it appears that this server will
refuse to connect with anything less than TLSv1.2.
That should be fine with both OpenSSL 1.0.1 and OpenSSL 1.0.2. Both of those
support TLSv1.2 and will offer it by default. However an application can
override the defaults. My suspicion is that your version of wget is old and, for
some reason, is overriding the default TLS version and requiring some earlier
Upgrading wget might work.
> I am unable to fix this issue. I have upgraded from openssl 1.0.1 on my Ubuntu
> box to openssl 1.0.2 having heard that this latest version fix the bug
> But still having it.
> Can someone help please?
More information about the openssl-users