Asked  4 Months ago    Answers:  5   Viewed   1.9k times

When I try to connect to any server (e.g. google.com) using curl (or libcurl) I get the error message:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Verbose output:

$ curl www.google.com --verbose  
* Rebuilt URL to: www.google.com/  
* Uses proxy env variable no_proxy == 'localhost,127.0.0.1,localaddress,.localdomain.com'  
* Uses proxy env variable http_proxy == 'https://proxy.in.tum.de:8080'  
*   Trying 131.159.0.2...  
* TCP_NODELAY set  
* Connected to proxy.in.tum.de (131.159.0.2) port 8080 (#0)  
* successfully set certificate verify locations:  
*   CAfile: /etc/ssl/certs/ca-certificates.crt  
  CApath: none  
* TLSv1.3 (OUT), TLS handshake, Client hello (1):  
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number  
* Closing connection 0  
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number'  

For some reason curl seems to use TLSv1.3 even if I force it to use TLSv1.2 with the command --tlsv1.2 (it will still print TLSv1.3 (OUT), ..." I am using the newest version of both Curl and OpenSSL :

$ curl -V  
curl 7.61.0-DEV (x86_64-pc-linux-gnu) libcurl/7.61.0-DEV OpenSSL/1.1.1 zlib/1.2.8  
Release-Date: [unreleased]  
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp  
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy  

I think this is a problem related to my installation of the programms. Can somebody explain to me what this error message means?

 Answers

20
* Uses proxy env variable http_proxy == 'https://proxy.in.tum.de:8080'   
                                         ^^^^^

The https:// is wrong, it should be http://. The proxy itself should be accessed by HTTP and not HTTPS even though the target URL is HTTPS. The proxy will nevertheless properly handle HTTPS connection and keep the end-to-end encryption. See HTTP CONNECT method for details how this is done.

Wednesday, June 16, 2021
 
insomiac
answered 4 Months ago
89

Paypal now supports only TLS 1.2 on the sandbox (and in June the same will apply to production systems). If you want to use TLS 1.2 you'll need to upgrade to OpenSSL 1.0.1+ as a minimum, and then you'll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2). If you want TLS 1.2 to be used automatically during SSL requests, you'll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).

However, you've said you're on shared hosting and can't upgrade the software yourself...so you're out of luck. My advice would be to get away from whatever hosting provider is still stuck on OpenSSL 0.9.8.

Reference: https://devblog.paypal.com/upcoming-security-changes-notice/

Saturday, May 29, 2021
 
McAn
answered 5 Months ago
46

It usually happens when the certificate does not match with the host name.

The solution would be to contact the host and ask it to fix its certificate.
Otherwise you can turn off cURL's verification of the certificate, use the -k (or --insecure) option.
Please note that as the option said, it is insecure. You shouldn't use this option because it allows man-in-the-middle attacks and defeats the purpose of HTTPS.

More can be found in here: http://curl.haxx.se/docs/sslcerts.html

Sunday, August 1, 2021
 
c0m4
answered 3 Months ago
16

Yes, using System.Diagnostics.FileVersionInfo.

string fileVersion = FileVersionInfo.GetVersionInfo(file).FileVersion;
string productVersion = FileVersionInfo.GetVersionInfo(file).ProductVersion;

Be advised that the file version of an assembly could be different from its assembly version. The assembly version is part of the assembly's identity.

Tuesday, August 3, 2021
 
Johnson
answered 3 Months ago
64

Most places use something like this:

Major Release.Minor Release.Hot Fix.Build

Your version numbers would look like 1.5.0.15, etc.

Sunday, August 8, 2021
 
Georges Dupret
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :