Power

 View Only

  • 1.  CURL version is still using TLS1 instead of TLS1.2

    Posted Wed June 26, 2024 10:34 AM

    I have a treasury app that is supposed to authenticate using entrust. Once I launch the app and try to authenticate using the 2FA which is built using Entrust12, it gives an error. Drilling down the error on the treasury server, it shows that a client "libcurl client" is running using TLS1 instead of TLS1.2. Please help me resolve this challenge as it is affecting services.



    ------------------------------
    UNIX TEAM
    ------------------------------


  • 2.  RE: CURL version is still using TLS1 instead of TLS1.2

    Posted Wed June 26, 2024 12:05 PM
    Edited by James Lohman Wed June 26, 2024 12:14 PM

    You need to check all of your libcurl and openssl components. curl 7.61 and 8.7.1 both support tls 1.2.

    curl -V
    curl 8.7.1 (powerpc-ibm-aix7.1.5.0) libcurl/8.7.1 OpenSSL/1.1.1v zlib/1.2.13 libssh2/1.10.0 nghttp2/1.58.0 OpenLDAP/2.5.16

    It does connect via tls 1.2:
    curl -s --tlsv1.2 -d 

    With no issues.

    Try connecting to your server with openssl:

    openssl s_client -connect hostname:443 -tls1_2

    or

    openssl s_client -connect hostname:443 -tls1_3

    If you see a section about:
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
        Protocol  : TLSv1.3

    (search for Protocol)

    Then you connected and received a ticket. 



    ------------------------------
    James Lohman
    ------------------------------

    Original Message


Related Content