rnixik/docker-openssl-gost

When I try use curl I get error 35

Opened this issue · 19 comments

I write comand curl https://portal.rosreestr.ru:4433 -k and get error curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure. What I am doing wrong?

Does this site work with any other software without a client certificate?

No. It shold work only with authorization by certificate. And the user must also send his certificate too. I have not yet learned how to do it with curl, but I thought that I got other type of error.

Could you try
curl https://portal.rosreestr.ru:4433 -k -v --key key.pem --cert cert.pem
with your key.pem and cert.pem and show output?

I have only cer file. No private key. How to get it from cer file?

It depends on format. Do you have -----BEGIN PRIVATE KEY----- in your cer file?

No. I think publick and private key are in it.

Do you have something like ----- ***** -----?

No. I hava 0‚�E0‚�ф �������ч�°zД Ъ»з� in this file when I open it by notepad++

It's probably in DER-format. You can try openssl x509 -inform der -in certificate.cer -out certificate.pem to convert it to pem and then look with notepad++.

Yes, it is works. I got -----BEGIN CERTIFICATE-----.

Do you have -----BEGIN PRIVATE KEY----- somewhere in the file?

No. Mybe to need use special console key for get the private key ?

Usually, obtaining private key is part of process of generating (obtaining) client certificate. Could you describe how did you get your cer?

Do you hava a telegram account?

Sorry, I don't do such kind of support.

Ok. In short, I only have this certificate.

Currently, I don't know the reason of the error.

Maybe this servise use different algoritms? How to change connection algoritm?

This server does not support TLS 1.1, TLS 1.2, TLS 1.3 but TLS1.0. May be it supports SSLv3, but curl in docker does not support it.