Aaron Siegel
2014-Oct-18 16:15 UTC
[CentOS] curl: (35) Cannot communicate securely with peer:
Hello, I am stumped. I am trying to use the kraxel qemu repository; it appears the repository moved to a secure server, and since then I have not been able to configure this properly.

https://www.kraxel.org/repos/jenkins/

I receive the following error when I try to use the repository:

curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I have discovered this problem on my Fedora 20 computer; the Fedora mailing list will not accept my email. I am experiencing this problem with curl on both my CentOS and Fedora systems. I receive the same error with a CentOS 7 minimal installation and Fedora 20.

What am I doing wrong? I have recently switched to the Fedora platform; I have not read all the manuals, but I am trying. I have imported the gpg keys that Kraxel has posted on his blog using rpm --import. I can only download files through my web browser. I was going to clone his git repository and set up a local repository, but git reports the same error, which leads me to believe the problem is with my certificates. I have even tried firefox-db2pem.sh; I am not sure it did anything.

Does curl need to be recompiled with nss support? Is there a package I need to compile? nss 3.17.2 is installed; none of the man pages work. Looking deeper into nss:

# certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

I think there is something wrong with my nss certificates, but I have run out of time. Any suggestions? This is on a brand new installation of Fedora 20 and CentOS 7; I have not had time to break anything.
The openssl command connects with the server; it is:

$ openssl s_client -connect www.kraxel.org:443

The curl output from the Fedora system is posted below; the output for CentOS is the same with the exception of the curl and nss versions:

$ curl -v https://www.kraxel.org/repos/jenkins/repodata/repomd.xml
* Adding handle: conn: 0x6bea60
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x6bea60) send_pipe: 1, recv_pipe: 0
* About to connect() to www.kraxel.org port 443 (#0)
* Trying 217.197.83.6...
* Connected to www.kraxel.org (217.197.83.6) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Error in TLS handshake, trying SSLv3...
> GET /repos/jenkins/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.32.0
> Host: www.kraxel.org
> Accept: */*
>
* Connection died, retrying a fresh connect
* Closing connection 0
* Issue another request to this URL: 'https://www.kraxel.org/repos/jenkins/repodata/repomd.xml'
* About to connect() to www.kraxel.org port 443 (#1)
* Trying 217.197.83.6...
* Adding handle: conn: 0x6bea60
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 1 (0x6bea60) send_pipe: 1, recv_pipe: 0
* Connected to www.kraxel.org (217.197.83.6) port 443 (#1)
* TLS disabled due to previous handshake failure
* CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 1
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
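
Added example, not part of the original post: a small shell helper that reads `curl -v` output like the log above and reports which NSS layer raised the error and whether curl fell back to SSLv3. The function names are hypothetical; the numeric ranges assume the NSS header definitions SSL_ERROR_BASE = -0x3000 and SEC_ERROR_BASE = -0x2000, each 1000 codes long.

```shell
#!/bin/sh
# Added example (not from the original post). Ranges assumed from NSS
# sslerr.h / secerr.h: SSL_ERROR_BASE = -0x3000, SEC_ERROR_BASE = -0x2000.

# Map a numeric NSS error code to the layer that raised it.
nss_error_layer() {
    code=$1
    if [ "$code" -ge -12288 ] && [ "$code" -lt -11288 ]; then
        echo "tls-handshake"      # SSL_ERROR_*: protocol/cipher negotiation
    elif [ "$code" -ge -8192 ] && [ "$code" -lt -7192 ]; then
        echo "certificate-or-db"  # SEC_ERROR_*: trust, cert or key database
    else
        echo "other"
    fi
}

# Read `curl -v` output on stdin and print a one-line summary.
summarize_curl_log() {
    log=$(cat)
    backend=$(printf '%s\n' "$log" |
        sed -n 's/^\* Initializing \([A-Za-z]*\) with certpath.*/\1/p' | head -n 1)
    code=$(printf '%s\n' "$log" |
        sed -n 's/^\* NSS error \(-[0-9][0-9]*\).*/\1/p' | head -n 1)
    name=$(printf '%s\n' "$log" |
        sed -n 's/^\* NSS error -[0-9]* (\([A-Z_]*\)).*/\1/p' | head -n 1)
    layer=none
    if [ -n "$code" ]; then layer=$(nss_error_layer "$code"); fi
    fallback=no
    if printf '%s\n' "$log" | grep -q 'trying SSLv3'; then fallback=yes; fi
    echo "backend=${backend:-unknown} code=${code:-none} name=${name:-none} layer=$layer sslv3_fallback=$fallback"
}

# Excerpt of the curl -v output quoted in the post above.
sample='* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Error in TLS handshake, trying SSLv3...'

printf '%s\n' "$sample" | summarize_curl_log
```

To check a live connection, pipe the verbose log in: `curl -v URL 2>&1 | summarize_curl_log`.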