OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
curl (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
The problem seems to affect only Ubuntu 24.04 Arm64. It works as expected in Ubuntu 24.04 Amd64.
For further information see: https:/
### I did this
```bash
curl -vvv https:/
* Host dotnet.
* IPv6: 2620:1ec:bdf::43
* IPv4: 13.107.246.43
* Trying 13.107.
* Connected to dotnet.
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.
```
### I expected the following
I expected no SSL error as **openssl** seem to be working as expected:
```bash
openssl s_client -connect dotnet.
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.
verify return:1
---
Certificate chain
0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.
i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIbjCCBlagAwI
ADBdMQswCQYDVQQ
MS4wLAYDVQQDEyV
MB4XDTI0MDYyNTI
CzAJBgNVBAgTAld
ZnQgQ29ycG9yYXR
IjANBgkqhkiG9w0
WLdi3kO2GRUsk4D
ukkyO2gbo5Wko/
d9dByKjdkUC/
Npm8SfxXoz+
XdjkYs0ogl9/
AQABo4IEFzCCBBM
OFts1N8/
ULEsaDpC+
j0eI7ccMwijHvT+
AAABkFEmpPoAAAQ
ThACIQDu5FjzJCH
aDYf3mG5lk0KUng
6xxYXiKqus9p+
gWoTe4I129rn+
BgEFBQcDATA8Bgk
0AyH8NodXYKE5Wm
BQcwAoZnaHR0cDo
b3NvZnQlMjBBenV
LSUyMHhzaWduLmN
b2Z0LmNvbS9vY3N
HQ8BAf8EBAMCBaA
VR0TAQH/
dC5jb20vcGtpb3B
MElzc3VpbmclMjB
ATBBMD8GCCsGAQU
L0RvY3MvUmVwb3N
BRBE2KSBdbieGul
BgkqhkiG9w0BAQw
JmXzlWQWhxP2Rxb
Qcr1ZhM9AxsxnzR
udQ4b6UwPqW8O4f
2JKgFmf5i2fGCoy
cWt64yvfqHTAo1T
jjPRTzMy6jjRG/
GxXjj2pFn/
Wd0ANx9v9hU55m0
xHt29O65Gh05P1i
p/HMENKnH/
a7Q=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5228 bytes and written 757 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_
Session-ID: 643124F02D3029C
Session-ID-ctx:
Resumption PSK: 9CCAB2651F4B887
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1 2.....3q.&'.....
0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae )$Q7...u.....^J.
Start Time: 1720699914
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_
Session-ID: A86923E7760AC76
Session-ID-ctx:
Resumption PSK: 39809D7956DD3FC
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca .~.....>g.M.UB..
0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b 3P...)....l.kAB[
Start Time: 1720699914
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
```
Also **wget** is working as expected:
```bash
wget https:/
--2024-07-11 12:14:16-- https:/
Resolving dotnet.
Connecting to dotnet.
HTTP request sent, awaiting response... 302 Found
Cookie coming from dotnet.
Cookie coming from dotnet.
Location: /en-us/ [following]
--2024-07-11 12:14:24-- https:/
Reusing existing connection to dotnet.
HTTP request sent, awaiting response... 200 OK
Cookie coming from dotnet.
Cookie coming from dotnet.
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 300.57K --.-KB/s in 0.1s
2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
```
### curl/libcurl version
curl 8.5.0 (aarch64-
Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
### operating system
Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 aarch64 aarch64 aarch64 GNU/Linux
description: | updated |
Tested as working in both Ubuntu oracular (24.10) and Debian trixie (the base for Ubuntu noble 24.04) on Arm64 architecture.