          _   _ ____  _
      ___| | | |  _ \| |
     / __| | | | |_) | |
    | (__| |_| |  _ <| |___
     \___|\___/|_| \_\_____|

# SSL problems

First, let's establish that we often refer to TLS and SSL interchangeably as
SSL here. The current protocol is called TLS; it was called SSL a long time
ago.

There are several known reasons why a connection that involves SSL might
fail. This document attempts to detail the most common ones and how to
mitigate them.

## CA certs

CA certs are used to digitally verify the server's certificate. You need a
"ca bundle" for this. See the SSLCERTS document for many more details.

## CA bundle missing intermediate certificates

When using said CA bundle to verify a server cert, you will experience
problems if the server doesn't provide the intermediate certificates and your
CA store does not contain them either.

The TLS protocol mandates that the intermediate certificates are sent in the
handshake, but as browsers have ways to survive or work around such
omissions, missing intermediates in TLS handshakes still happen without
browser users noticing.

Browsers work around this problem in two ways: they cache intermediate
certificates from previous transfers and some implement the TLS "AIA"
extension that lets the client explicitly download such certificates on
demand.

## Protocol version

Some broken servers fail to properly support the protocol negotiation that
SSL servers are supposed to handle. This may cause the connection to fail
completely. Sometimes you may need to explicitly select an SSL version to use
when connecting to make the connection succeed.

An additional complication can be that modern SSL libraries sometimes are
built with support for older SSL and TLS versions disabled!

All versions of SSL and the TLS versions before 1.2 are considered insecure
and should be avoided. Use TLS 1.2 or later.

## Ciphers

Clients give servers a list of ciphers to select from. If the list doesn't
include any ciphers the server wants/can use, the connection handshake
fails.

curl has recently disabled the use of a whole bunch of seriously insecure
ciphers from its default set (slightly depending on SSL backend in use).

You may have to explicitly provide an alternative list of ciphers for curl
to use to allow the server to use a WEAK cipher for you.

Note that these weak ciphers are identified as flawed. For example, this
includes symmetric ciphers with less than 128 bit keys and RC4.

Schannel in Windows XP is not able to connect to servers that no longer
support the legacy handshakes and algorithms used by those versions, so we
advise against building curl to use Schannel on really old Windows versions.

References:

https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01

## Allow BEAST

BEAST is the name of a TLS 1.0 attack that surfaced in 2011. When adding means
to mitigate this attack, it turned out that some broken servers out there in
the wild didn't work properly with the BEAST mitigation in place.

To make such broken servers work, the `--ssl-allow-beast` option was
introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
but on the other hand it allows curl to connect to that kind of strange
server.

## Disabling certificate revocation checks

Some SSL backends may do certificate revocation checks (CRL, OCSP, etc)
depending on the OS or build configuration. The `--ssl-no-revoke` option was
introduced in 7.44.0 to disable revocation checking but currently is only
supported for Schannel (the native Windows SSL library), with an exception
in the case of Windows' Untrusted Publishers block list which it seems can't
be bypassed. This option may have broader support to accommodate other SSL
backends in the future.

References:

https://curl.se/docs/ssl-compared.html
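
The workarounds described in the sections above (old protocol versions, weak ciphers, `ssl-allow-beast`, `ssl-no-revoke`) tend to stay in config files long after the broken server is gone. The script below is an added example, not part of the curl documentation, that flags them in curl config syntax read on stdin. The function names, the sample config and the cipher-name patterns (OpenSSL/IANA-style names, long option names only) are assumptions of this example.

```shell
# Added example: flag TLS-weakening options in curl config syntax read on stdin.
# Assumptions: long option names only; cipher patterns use OpenSSL/IANA-style names.
audit_curl_config() {
  awk '
    function report(msg) { printf "line %d: %s\n", NR, msg }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
      line = $0
      sub(/^[ \t]*-*/, "", line)                 # indent and optional leading dashes
      opt = line
      sub(/[ \t=:].*$/, "", opt)                 # option name ends at space, "=" or ":"
      val = substr(line, length(opt) + 1)
      sub(/^[ \t=:]+/, "", val)
      sub(/[ \t]+$/, "", val)
      gsub(/"/, "", val)                         # drop quoting around the value
      if (opt == "ssl-allow-beast")
        report("ssl-allow-beast turns the BEAST mitigation off")
      else if (opt == "ssl-no-revoke")
        report("ssl-no-revoke disables certificate revocation checks")
      else if (opt ~ /^(sslv2|sslv3|tlsv1|tlsv1\.0|tlsv1\.1)$/)
        report(opt " allows a protocol version older than TLS 1.2")
      else if (opt == "tls-max" && val ~ /^1\.[01]$/)
        report("tls-max " val " caps the connection below TLS 1.2")
      else if (opt == "ciphers") {
        n = split(val, tok, /[:, ]+/)
        for (i = 1; i <= n; i++) {
          t = toupper(tok[i])
          if (t ~ /^[!-]/) continue              # "!RC4" or "-RC4" removes a cipher
          if (t ~ /RC4|EXP|DES[-_]CBC[-_]/)
            report("cipher " tok[i] " is RC4, export-grade or single DES")
        }
      }
    }
  '
}
# Constructed sample config, not taken from any real system.
sample_config() {
  cat <<'EOF'
# constructed sample .curlrc
user-agent = "inventory-bot/1.0"
--tlsv1.0
ciphers = "ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:!EXP"
ssl-allow-beast
tls-max 1.3
ssl-no-revoke
EOF
}
sample_config | audit_curl_config
```

Run it against a real file with `audit_curl_config < ~/.curlrc`; each finding names the line so the workaround can be removed once the server it was added for has been fixed.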