{"id":1000,"date":"2015-09-29T18:11:14","date_gmt":"2015-09-29T22:11:14","guid":{"rendered":"https:\/\/www.redline13.com\/blog\/?p=1000"},"modified":"2022-01-03T20:01:10","modified_gmt":"2022-01-04T01:01:10","slug":"ssl-update","status":"publish","type":"post","link":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/","title":{"rendered":"SSL Update"},"content":{"rendered":"<p>We upgraded the agents with updated version of curl to better support testing sites with SSL and ciphers that were only supported \u00a0via command line options passed into curl.<\/p>\n<p>A user reported that testing a site such as\u00a0https:\/\/sslspdy.com would return an error<\/p>\n<blockquote><p>Cannot communicate securely with peer: no common encryption algorithm(s).<\/p><\/blockquote>\n<p>This is noted as a resolved issue in RHEL (<a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1058776\">curl does not support ECDSA certificates<\/a>) \u00a0and unresolved in Fedora (<a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1185708\">NSS does not enable ECC cipher-suites by default<\/a>)<\/p>\n<p>and as summarized on this <a href=\"http:\/\/serverfault.com\/questions\/662182\/curl-on-fedora-does-not-accept-cloudflare-https?newreg=12bf8f60f2854cbca83368a015aa4c20\">serverfault answer<\/a><\/p>\n<blockquote><p>The common factor with both of these sites is that they use ECC SSL certificates to secure their https connections, rather than the traditional RSA certificates used by most sites. These are currently very rare, but they are expected to increase in popularity in the future.<\/p>\n<p>Both the versions of curl and NSS in use were built with ECC and therefore ought to support these certificates, so I think you&#8217;ve run into a bug in Fedora and should report it. A <a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1058776\" rel=\"nofollow\">related bug<\/a> was recently fixed in RHEL 7.<\/p><\/blockquote>\n<p>This is visible in a vanilla AWS AMI as well<\/p>\n<ul>\n<li><a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1002\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM.png\" alt=\"Screen Shot 2015-09-29 at 4.11.23 PM\" width=\"1884\" height=\"228\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM.png 1884w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM-300x36.png 300w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM-1024x124.png 1024w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM-768x93.png 768w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM-1536x186.png 1536w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM-1568x190.png 1568w\" sizes=\"auto, (max-width: 1884px) 100vw, 1884px\" \/><\/a><\/li>\n<\/ul>\n<p>After updating to\u00a0recent branch of curl and using &#8211;with-sssl this issue is resolved. \u00a0 If you want to confirm on your account you can clone this simple url test &#8211;\u00a0<a href=\"https:\/\/www.redline13.com\/share\/testplan\/17947\">https:\/\/www.redline13.com\/share\/testplan\/17947<\/a><\/p>\n<h2>Rebuilding Curl<\/h2>\n<p>For those that have this issue on their own servers or projects, we posted more of the details below. \u00a0If you want test on your own server and rebuild curl here are the quick steps we used for curl on centos, in my case standard AWS AMI.<\/p>\n<p><strong>#1<\/strong> Get the parameters used to build your current CURL from the command line<\/p>\n<pre>sudo su\n yum install libcurl-devel\n curl-config --configure\n\/\/ update options to use --with-ssl<\/pre>\n<p><strong>#2<\/strong> Some packages required<\/p>\n<pre>yum install\u00a0git libtool openssl-devel gnutls-devel nss-devel libssh2-devel<\/pre>\n<p><strong>#3<\/strong> Going to need the source code<\/p>\n<pre>git clone https:\/\/github.com\/bagder\/curl.git\ncd curl<\/pre>\n<p><strong>#4<\/strong> Configure and Build Steps<\/p>\n<pre>.\/buildconf\n .\/configure \u00a0'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-amazon-linux-gnu' '--program-prefix=' '--prefix=\/usr' '--exec-prefix=\/usr' '--bindir=\/usr\/bin' '--sbindir=\/usr\/sbin' '--sysconfdir=\/etc' '--datadir=\/usr\/share' '--includedir=\/usr\/include' '--libdir=\/usr\/lib64' '--libexecdir=\/usr\/libexec' '--localstatedir=\/var' '--sharedstatedir=\/var\/lib' '--mandir=\/usr\/share\/man' '--infodir=\/usr\/share\/info' '--disable-static' '--enable-symbol-hiding' '--enable-ipv6' '--enable-ldaps' '--enable-manual' '--enable-threaded-resolver' '--with-ca-bundle=\/etc\/pki\/tls\/certs\/ca-bundle.crt' '--with-gssapi' '--with-libidn' '--with-libssh2' '--with-ssl' '--with-nss' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-amazon-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'\n make\n make install<\/pre>\n<p><strong>#5<\/strong> Test<\/p>\n<pre>curl https:\/\/sslspdy.com\n\n<a href=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-6.01.43-PM.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1007\" src=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-6.01.43-PM.png\" alt=\"Screen Shot 2015-09-29 at 6.01.43 PM\" width=\"717\" height=\"48\" srcset=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-6.01.43-PM.png 717w, https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-6.01.43-PM-300x20.png 300w\" sizes=\"auto, (max-width: 717px) 100vw, 717px\" \/><\/a><\/pre>\n<p>Success.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We upgraded the agents with updated version of curl to better support testing sites with SSL and ciphers that were only supported \u00a0via command line options passed into curl. A user reported that testing a site such as\u00a0https:\/\/sslspdy.com would return an error Cannot communicate securely with peer: no common encryption algorithm(s). This is noted as a resolved issue in RHEL (curl does not support ECDSA certificates) \u00a0and unresolved in Fedora (NSS does not enable ECC cipher-suites<a class=\"more-link\" href=\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\">Read More &rarr;<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,50],"tags":[154],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-richardfriedman","4":"post-1000","6":"format-standard","7":"category-blog","8":"category-updates","9":"post_tag-curl"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.12 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSL Update - RedLine13<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSL Update - RedLine13\" \/>\n<meta property=\"og:description\" content=\"We upgraded the agents with updated version of curl to better support testing sites with SSL and ciphers that were only supported \u00a0via command line options passed into curl. A user reported that testing a site such as\u00a0https:\/\/sslspdy.com would return an error Cannot communicate securely with peer: no common encryption algorithm(s). This is noted as a resolved issue in RHEL (curl does not support ECDSA certificates) \u00a0and unresolved in Fedora (NSS does not enable ECC cipher-suitesRead More &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\" \/>\n<meta property=\"og:site_name\" content=\"RedLine13\" \/>\n<meta property=\"article:published_time\" content=\"2015-09-29T22:11:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-04T01:01:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM.png\" \/>\n<meta name=\"author\" content=\"Rich Friedman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rich Friedman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\"},\"author\":{\"name\":\"Rich Friedman\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/0fadb7f3ef665407f3c93c8ec84e741a\"},\"headline\":\"SSL Update\",\"datePublished\":\"2015-09-29T22:11:14+00:00\",\"dateModified\":\"2022-01-04T01:01:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\"},\"wordCount\":304,\"publisher\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\"},\"keywords\":[\"curl\"],\"articleSection\":[\"Blog\",\"Updates\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\",\"url\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\",\"name\":\"SSL Update - RedLine13\",\"isPartOf\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#website\"},\"datePublished\":\"2015-09-29T22:11:14+00:00\",\"dateModified\":\"2022-01-04T01:01:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.redline13.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSL Update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#website\",\"url\":\"https:\/\/www.redline13.com\/blog\/\",\"name\":\"RedLine13\",\"description\":\"(Almost) Free Load Testing in the Cloud\",\"publisher\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.redline13.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#organization\",\"name\":\"RedLine13\",\"url\":\"https:\/\/www.redline13.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg\",\"contentUrl\":\"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg\",\"width\":300,\"height\":68,\"caption\":\"RedLine13\"},\"image\":{\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/0fadb7f3ef665407f3c93c8ec84e741a\",\"name\":\"Rich Friedman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8651ce662fc18353b90c1922f9d29efb01173afa5500224b4d9a355d858a7bd9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8651ce662fc18353b90c1922f9d29efb01173afa5500224b4d9a355d858a7bd9?s=96&d=mm&r=g\",\"caption\":\"Rich Friedman\"},\"sameAs\":[\"http:\/\/richardfriedman@yahoo.com\"],\"url\":\"https:\/\/www.redline13.com\/blog\/author\/richardfriedman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSL Update - RedLine13","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/","og_locale":"en_US","og_type":"article","og_title":"SSL Update - RedLine13","og_description":"We upgraded the agents with updated version of curl to better support testing sites with SSL and ciphers that were only supported \u00a0via command line options passed into curl. A user reported that testing a site such as\u00a0https:\/\/sslspdy.com would return an error Cannot communicate securely with peer: no common encryption algorithm(s). This is noted as a resolved issue in RHEL (curl does not support ECDSA certificates) \u00a0and unresolved in Fedora (NSS does not enable ECC cipher-suitesRead More &rarr;","og_url":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/","og_site_name":"RedLine13","article_published_time":"2015-09-29T22:11:14+00:00","article_modified_time":"2022-01-04T01:01:10+00:00","og_image":[{"url":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2015\/09\/Screen-Shot-2015-09-29-at-4.11.23-PM.png"}],"author":"Rich Friedman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rich Friedman","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#article","isPartOf":{"@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/"},"author":{"name":"Rich Friedman","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/0fadb7f3ef665407f3c93c8ec84e741a"},"headline":"SSL Update","datePublished":"2015-09-29T22:11:14+00:00","dateModified":"2022-01-04T01:01:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/"},"wordCount":304,"publisher":{"@id":"https:\/\/www.redline13.com\/blog\/#organization"},"keywords":["curl"],"articleSection":["Blog","Updates"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/","url":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/","name":"SSL Update - RedLine13","isPartOf":{"@id":"https:\/\/www.redline13.com\/blog\/#website"},"datePublished":"2015-09-29T22:11:14+00:00","dateModified":"2022-01-04T01:01:10+00:00","breadcrumb":{"@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.redline13.com\/blog\/2015\/09\/ssl-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.redline13.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SSL Update"}]},{"@type":"WebSite","@id":"https:\/\/www.redline13.com\/blog\/#website","url":"https:\/\/www.redline13.com\/blog\/","name":"RedLine13","description":"(Almost) Free Load Testing in the Cloud","publisher":{"@id":"https:\/\/www.redline13.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.redline13.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.redline13.com\/blog\/#organization","name":"RedLine13","url":"https:\/\/www.redline13.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg","contentUrl":"https:\/\/www.redline13.com\/blog\/wp-content\/uploads\/2013\/06\/cropped-rl13-header-logo.jpg","width":300,"height":68,"caption":"RedLine13"},"image":{"@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/0fadb7f3ef665407f3c93c8ec84e741a","name":"Rich Friedman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.redline13.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8651ce662fc18353b90c1922f9d29efb01173afa5500224b4d9a355d858a7bd9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8651ce662fc18353b90c1922f9d29efb01173afa5500224b4d9a355d858a7bd9?s=96&d=mm&r=g","caption":"Rich Friedman"},"sameAs":["http:\/\/richardfriedman@yahoo.com"],"url":"https:\/\/www.redline13.com\/blog\/author\/richardfriedman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/1000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/comments?post=1000"}],"version-history":[{"count":1,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/1000\/revisions"}],"predecessor-version":[{"id":8669,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/1000\/revisions\/8669"}],"wp:attachment":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/media?parent=1000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/categories?post=1000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/tags?post=1000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}