Cannot connect to website - SSL handshaking fails
- by ravenspoint
So I cannot connect to certain websites. Just a few, most are OK. The one I really care about is paypal.com.
I have done the usual things. Let's see:
Checked my etc/hosts
Flushed the DNS cache
Checked firewall
Switched on & off virus protection
Switched on and off ad blocking
pinged the sites
Eventually, I decided to look at what curl is saying in detail
== Info: About to connect() to www.paypal.com port 443 (#0)
== Info: Trying 66.211.169.2... == Info: connected
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 110 bytes (0x6e)
0000: 01 00 00 6a 03 01 4f 6c aa 8c 57 2b 3d 1e 74 64 ...j..Ol..W+=.td
0010: c1 27 25 a5 3a 12 7f 3f 41 0a 17 15 2e c9 67 7c .'%.:.?A.....g|
0020: b3 e1 f6 9a db a9 00 00 2a 00 39 00 38 00 35 00 ........*.9.8.5.
0030: 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 ......3.2./.....
0040: 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 ................
0050: 03 00 ff 01 00 00 17 00 00 00 13 00 11 00 00 0e ................
0060: 77 77 77 2e 70 61 79 70 61 6c 2e 63 6f 6d www.paypal.com
(hangs here for ever)
This looks to me like paypal is refusing to reply to the first SSL handshake.
I don't know much about SSL, but compaing to the output from a site that works for me seems to make it obvious
== Info: About to connect() to www.cibc.com port 443 (#0)
== Info: Trying 159.231.80.200... == Info: connected
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 108 bytes (0x6c)
0000: 01 00 00 68 03 01 4f 6c ad 6a 1f 67 d5 84 c4 4b ...h..Ol.j.g...K
0010: 0d 49 ae d6 b9 5b c3 63 f9 48 aa 18 da 43 d1 32 .I...[.c.H...C.2
0020: 47 ae 17 e5 cd e9 00 00 2a 00 39 00 38 00 35 00 G.......*.9.8.5.
0030: 16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00 ......3.2./.....
0040: 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 ................
0050: 03 00 ff 01 00 00 15 00 00 00 11 00 0f 00 00 0c ................
0060: 77 77 77 2e 63 69 62 63 2e 63 6f 6d www.cibc.com
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 74 bytes (0x4a)
0000: 02 00 00 46 03 01 00 00 58 cf 26 e2 e1 65 db 11 ...F....X.&..e..
0010: bc 6f 26 7b 3b 6d eb 14 5f ad 47 dd 86 ea 4d a3 .o&{;m.._.G...M.
0020: fb 9f b7 2a 54 3e 20 5f 6b 04 5a 12 38 64 5d 18 ...*T> _k.Z.8d].
0030: 65 9e e9 cd 61 eb 91 c1 16 25 61 30 bb 08 2a 78 e...a....%a0..*x
0040: b8 ee b8 7e f2 65 6a 00 04 00 ...~.ej...
== Info: SSLv3, TLS handshake, CERT (11):
... and so on - working nicely eventually get some nice HTML
Now I am reaaly stuck. This has been going on for five days, so I am pretty sure that the problem is not with paypal. But what on my system could be interfering with the SSL handshaking done by curl with this particular site?
I suppose I could not be offering any certificates that PayPal accepts, but wouldn't I get a reply telling me so, or at least giving an error?