Ubuntu
curl package

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection

Bug #2073448 reported by Ruben Suarez Alvarez
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
curl (Ubuntu)
New
Undecided
Unassigned

Bug Description

The problem seems to affect only Ubuntu 24.04 Arm64. It works as expected in Ubuntu 24.04 Amd64.

For further information see: https://github.com/curl/curl/issues/14154

### I did this

```bash
curl -vvv https://dotnet.microsoft.com/
* Host dotnet.microsoft.com:443 was resolved.
* IPv6: 2620:1ec:bdf::43
* IPv4: 13.107.246.43
* Trying 13.107.246.43:443...
* Connected to dotnet.microsoft.com (13.107.246.43) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443
```

### I expected the following

I expected no SSL error as **openssl** seem to be working as expected:

```bash
openssl s_client -connect dotnet.microsoft.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB
WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7
ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT
d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef
Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e
XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID
AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la
ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk
j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP
ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn
aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH
6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J
gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw
LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV
HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD
VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV
BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d
JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL
Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ
udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ
2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w
cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt
jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn
GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq
Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+
xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf
p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G
a7Q=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5228 bytes and written 757 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972
    Session-ID-ctx:
    Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1 2.....3q.&'.....
    0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae )$Q7...u.....^J.

    Start Time: 1720699914
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7
    Session-ID-ctx:
    Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca .~.....>g.M.UB..
    0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b 3P...)....l.kAB[

    Start Time: 1720699914
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
```

Also **wget** is working as expected:

```bash
wget https://dotnet.microsoft.com/
--2024-07-11 12:14:16-- https://dotnet.microsoft.com/
Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43
Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Location: /en-us/ [following]
--2024-07-11 12:14:24-- https://dotnet.microsoft.com/en-us/
Reusing existing connection to dotnet.microsoft.com:443.
HTTP request sent, awaiting response... 200 OK
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html [ <=> ] 300.57K --.-KB/s in 0.1s

2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
```

### curl/libcurl version

curl 8.5.0 (aarch64-unknown-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7
Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

### operating system

Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 aarch64 aarch64 aarch64 GNU/Linux

See original description
Revision history for this message
Ruben Suarez Alvarez (rubensa) wrote (last edit ):

Tested as working in both Ubuntu oracular (24.10) and Debian trixie (the base for Ubuntu noble 24.04) on Arm64 architecture.

Ruben Suarez Alvarez (rubensa)
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.