5

When I try to execute this curl command :

curl -v --key some_key_file.key --cert certificate_file.pem --show-error --header "Content-Type: application/json;charset=UTF-8" https://some-api/service

I get the following error : curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

And the full execution log :

enter image description here

I have searched this error online and haven't found anyone explaining what it really meant.

  • Do you have any idea what the source cause could be ?
  • And do you know if there is a way to get more information about the error ?
Lucas Charbonnier
  • 441
  • 1
  • 4
  • 11
  • 1
    Please don't post text as images. As for your problem: hard to tell just based on this output but maybe the server simply is not properly configured to support HTTPS on this port. But might also be some DPI firewall blocking the traffic. Did you try with another client (like a browser) from exactly the same system and did you succeed? – Steffen Ullrich Oct 19 '20 at 13:21
  • @Steffen I tried putting the URL on Chrome but obviously the connection is refused because I can't provide my specific certificate. – Lucas Charbonnier Oct 19 '20 at 13:32
  • It is possible to use import client certificates with Chrome, i.e. you should be able to import it for testing. – Steffen Ullrich Oct 19 '20 at 15:05

4 Answers4

2

Turns out the problem was with my curl version which, for some reason didn't accept the arguments --cert and --key.

To solve the problem, I installed a completely new curl version and ran it from the instllation folder and it worked.

Lucas Charbonnier
  • 441
  • 1
  • 4
  • 11
2

Run the command from the path where you have curl package. if you place in c:\curl goto this path and run the curl command it will work.

1

This error happens when you are behind a 7 layer firewall (i.e Palo Alto) that Allow SSL connections only via application, so you have to configure 2 rules in such solution.

  1. Allow 443 or whatever port with higher priority
  2. Allow Application SSL with lower priority
0

I also try installing latest curl (given below) but it didn't solve my issue.

curl 7.77.0 (x86_64-pc-win32) libcurl/7.77.0 OpenSSL/1.1.1k (Schannel) zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 libidn2/2.3.1 libssh2/1.9.0 nghttp2/1.43.0 libgsasl/1.10.0 Release-Date: 2021-05-26 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP Unicode UnixSockets zstd

Ashish Sharma
  • 574
  • 7
  • 18