1

I'm running on Windows. If I call this from command line:

curl https://dev.azure.com

It returns error:

curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

This is important because sometimes I use curl to download files from Azure devops.

twasbrillig
  • 17,084
  • 9
  • 43
  • 67
  • Are you running this curl command in PowerShell? Or in CMD? In PowerShell, `curl` is an alias for Invoke-WebRequest, and you'd have to [specifically enable TLS 1.2](https://stackoverflow.com/questions/41674518/powershell-setting-security-protocol-to-tls-1-2) if you want to talk to a site that doesn't support older TLS. – mason Jan 31 '22 at 21:21
  • Does this answer your question? [Powershell Setting Security Protocol to Tls 1.2](https://stackoverflow.com/questions/41674518/powershell-setting-security-protocol-to-tls-1-2) – mason Jan 31 '22 at 21:26
  • mason: Thanks, but what fixed the issue was to set the TLS cipher suites to "best practices" level using IIS Crypto. Enabling and setting TLS 1.2 wasn't helping, and turning off TLS 1.0/1.1 wasn't fixing the issue either. – twasbrillig Jan 31 '22 at 23:01

1 Answers1

0

This was fixed by downloading IISCryptoCLI.exe from https://www.nartac.com/Products/IISCrypto and running:

IISCryptoCli.exe /template pci32 /reboot

(IISCryptoCli.exe /template best /reboot works too, but I wanted to disable TLS 1.0 and 1.1 by using pci32 instead.)

twasbrillig
  • 17,084
  • 9
  • 43
  • 67