TL;DR
I'm trying to reach an URI which only takes SSLv3. If I try to access it with curl or Python requests (which uses the ssl module) it doesn't work (different errors).
Some longer explanation
There's this API who has this URI: https://api.mercadolibre.com/sites/MLA/search?q=ipod
-
If I try to access that URI with the browser, it works fine (Chrome and FF).
-
If I try to curl it:
curl -Iv https://api.mercadolibre.com/sites/MLA/search?q=ipod
it doesn't work. The error returned is:curl: (35) Unknown SSL protocol error in connection to api.mercadolibre.com:443
-
Forcing curl to use SSLv3 works fine:
curl --sslv3 -Iv https://api.mercadolibre.com/sites/MLA/search?q=ipod
-
openssl s_client -connect api.mercadolibre.com:443
answers with:
CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
How can it be possible that the browser is connecting Ok and curl and Python are not? How should I fix this? Is this even my problem (or the owner of the API)?
Info about my system
- Ubuntu 14.04
- OpenSSL 1.0.1f 6 Jan 2014
Best Answer
At the time this question was asked, the site in question supported only a small selection of very weak cipher suites and had very little compatibility with modern user agents. Thus it was impossible for most browsers or even robots to negotiate a connection, let alone a secure one.
The site has been (mostly) fixed since; while it still has weak cipher suites and other problems, it should at least be functional.