Ubuntu
curl package

Bug #2073448
Comment #0

Comment 0 for bug 2073448

Revision history for this message

Ruben Suarez Alvarez (rubensa) wrote on 2024-07-18:

The problem seems to affect only Ubuntu 22.04 Arm64. It works as expected in Ubuntu 22.04 Amd64.

For further information see: https://github.com/curl/curl/issues/14154

### I did this

```bash
curl -vvv https://dotnet.microsoft.com/
* Host dotnet.microsoft.com:443 was resolved.
* IPv6: 2620:1ec:bdf::43
* IPv4: 13.107.246.43
* Trying 13.107.246.43:443...
* Connected to dotnet.microsoft.com (13.107.246.43) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443
```

### I expected the following

I expected no SSL error as **openssl** seem to be working as expected:

```bash
openssl s_client -connect dotnet.microsoft.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
verify return:1
---
Certificate chain
0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB
WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7
ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT
d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef
Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e
XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID
AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la
ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk
j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP
ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn
aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH
6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J
gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw
LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV
HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD
VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV
BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d
JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL
Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ
udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ
2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w
cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt
jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn
GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq
Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+
xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf
p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G
a7Q=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5228 bytes and written 757 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972
    Session-ID-ctx:
    Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1 2.....3q.&'.....
    0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae )$Q7...u.....^J.

    Start Time: 1720699914
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol : TLSv1.3
    Cipher : TLS_AES_256_GCM_SHA384
    Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7
    Session-ID-ctx:
    Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca .~.....>g.M.UB..
    0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b 3P...)....l.kAB[

    Start Time: 1720699914
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
```

Also **wget** is working as expected:

```bash
wget https://dotnet.microsoft.com/
--2024-07-11 12:14:16-- https://dotnet.microsoft.com/
Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43
Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Location: /en-us/ [following]
--2024-07-11 12:14:24-- https://dotnet.microsoft.com/en-us/
Reusing existing connection to dotnet.microsoft.com:443.
HTTP request sent, awaiting response... 200 OK
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html [ <=> ] 300.57K --.-KB/s in 0.1s

2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
```

### curl/libcurl version

curl 8.5.0 (aarch64-unknown-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7
Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.1
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

### operating system

Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 aarch64 aarch64 aarch64 GNU/Linux

The problem seems to affect only Ubuntu 22.04 Arm64.  It works as expected in Ubuntu 22.04 Amd64.

For further information see: https://github.com/curl/curl/issues/14154

### I did this

```bash
curl -vvv https://dotnet.microsoft.com/
* Host dotnet.microsoft.com:443 was resolved.
* IPv6: 2620:1ec:bdf::43
* IPv4: 13.107.246.43
*   Trying 13.107.246.43:443...
* Connected to dotnet.microsoft.com (13.107.246.43) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dotnet.microsoft.com:443 
```

### I expected the following

I expected no SSL error as **openssl** seem to be working as expected:

```bash
openssl s_client -connect dotnet.microsoft.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
verify return:1
depth=0 C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
   i:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun 25 20:36:42 2024 GMT; NotAfter: Jun 20 20:36:42 2025 GMT
 1 s:C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jun  8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug  1 12:00:00 2013 GMT; NotAfter: Jan 15 12:00:00 2038 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIbjCCBlagAwIBAgITMwBqsN0udUZDvIEukgAAAGqw3TANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
MB4XDTI0MDYyNTIwMzY0MloXDTI1MDYyMDIwMzY0MlowazELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMTFGRvdG5ldC5taWNyb3NvZnQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZD+C6LaJAjEgKDLOH643bUB
WLdi3kO2GRUsk4DwfZ6KAAs0nkY9ltpUZgpE+Mm8dNuNCWewU3MpuQgMptOfCuf7
ukkyO2gbo5Wko/U0ilNQ+0T2mTg43U7h+LQfnBcAPyidTUQYR+hfoZIFauBAVygT
d9dByKjdkUC/bQA8I0/CaJV62qt4rAptuO8n94M9TcwHGzKKKNkq1ByInbEomLef
Npm8SfxXoz+3JqTt2isUJuvN/NxkbFAAKgj5DbXdfypbLxXSqxjh1ThyAvhchQ1e
XdjkYs0ogl9/dmgcon5ojAd6F2ty+EIayOpZzLtRVZEnU10ZpP/QRBDbYrlRFQID
AQABo4IEFzCCBBMwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AE51oydcmhDD
OFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABkFEmpOcAAAQDAEcwRQIhAIIpI3la
ULEsaDpC+KwWQdoMDPMDO18Rs3XbNozqkoVZAiAdAah3WKvDZUvqGZ1xLVq8AeQk
j0eI7ccMwijHvT+XJgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
AAABkFEmpPoAAAQDAEcwRQIgDtEZs9YRgwl1LFh0Qe9zHpYaqh4uPrvOKGacN0sP
ThACIQDu5FjzJCHOdhIYYEi3E9eUYa5hkaFfGqNdkW+f7f6ymAB3AOCSs/wMHcjn
aDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAABkFEmpWkAAAQDAEgwRgIhAK3IH/kH
6xxYXiKqus9p+HOzLZ5V7QD3WLdH5d4iE+cDAiEAu7vlX3NjwcVV9Q0qad5oRq+J
gWoTe4I129rn+Nwg8dswJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKE5WmC86c+AgFkAgEmMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDAzJTIw
LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBR9TKvzmHG1MV1ddWm5+vC6YXanqjAOBgNV
HQ8BAf8EBAMCBaAwHwYDVR0RBBgwFoIUZG90bmV0Lm1pY3Jvc29mdC5jb20wDAYD
VR0TAQH/BAIwADBqBgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29m
dC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUy
MElzc3VpbmclMjBDQSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30B
ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBV
BRBE2KSBdbieGulKBojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAN
BgkqhkiG9w0BAQwFAAOCAgEAZpCQvYsTwiHY33gdO63zx16VedHu7en/rhf+pw9d
JmXzlWQWhxP2Rxb7SmBQBnBydNCb1n6ZgWoXqsGP8JmeqIOZRCBu68VIwobA/+OL
Qcr1ZhM9AxsxnzR/CyBUbW9pDIbrhThxBzc9+6yc8YbZeJFRWn6MjmcEM6l7RRsJ
udQ4b6UwPqW8O4fgIM63FHvhzajs9FLQ3eBhi46WCLEHn5rbMbChnsEsCWE6ElZQ
2JKgFmf5i2fGCoyhPxAoscQFDsGBYOGWhwQ07PeOmve1gzgjy2TfO571cfn+9c2w
cWt64yvfqHTAo1T50p1gKeNbziPik1XnVF5a1/4CMzrH43I3KDmMMSTv2S2enmpt
jjPRTzMy6jjRG/7ZKSKQsRoRV++IVRA/AcaPuv7AQuTSvXYXccdxZygDBZyOddDn
GxXjj2pFn/gmaxfeJ4TjmlvxyCDqPKbDeHtdnBpDezf9MXignAlimiF3OGrdJxyq
Wd0ANx9v9hU55m0f+7nsRoGEqlrHvfyi2pt/58ZmckHGUH7sqMrWKwTVh1ReUn0+
xHt29O65Gh05P1ixfDJFbKOA2ihY9nkVCO3j0B4vmfH7tKrVpGPlrgAYUcuM56pf
p/HMENKnH/MnAHXD6671XbJERFNHRNDR1qrX3SCRqArJPI/43H6ocyVsI82hoM7G
a7Q=
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Redmond, O = Microsoft Corporation, CN = dotnet.microsoft.com
issuer=C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 03
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5228 bytes and written 757 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 643124F02D3029C902774B5E6B0B507D9C47DA0FF6A060439708B29018124972
    Session-ID-ctx: 
    Resumption PSK: 9CCAB2651F4B8873258C4722F59A8698282DE227BE0BBD80BE5613EE0BA66ACDAF7892445F549DF36BE78F84C8BE5078
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 32 8c 1c f8 d6 1c 33 71-fb 26 27 b4 d4 a5 0c e1   2.....3q.&'.....
    0010 - 29 24 51 37 c5 a5 f7 75-96 ea aa d3 94 5e 4a ae   )$Q7...u.....^J.

Start Time: 1720699914
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: A86923E7760AC76AC296A36BA386470A4D3F61A2D92DE6314E6C184E79621DD7
    Session-ID-ctx: 
    Resumption PSK: 39809D7956DD3FCF72C59F003D19BCBA26D688D506026DE4F79518DDA476846F0896EB8D0A75BC6E3ACAC1069C7E37B7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 0b 7e fd 85 ba ff b4 3e-67 ec 4d 12 55 42 ef ca   .~.....>g.M.UB..
    0010 - 33 50 d8 91 be 29 c8 81-15 ec 6c 15 6b 41 42 5b   3P...)....l.kAB[

Start Time: 1720699914
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
```

Also **wget** is working as expected:

```bash
wget https://dotnet.microsoft.com/
--2024-07-11 12:14:16--  https://dotnet.microsoft.com/
Resolving dotnet.microsoft.com (dotnet.microsoft.com)... 13.107.246.43, 2620:1ec:bdf::43
Connecting to dotnet.microsoft.com (dotnet.microsoft.com)|13.107.246.43|:443... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Location: /en-us/ [following]
--2024-07-11 12:14:24--  https://dotnet.microsoft.com/en-us/
Reusing existing connection to dotnet.microsoft.com:443.
HTTP request sent, awaiting response... 200 OK
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Cookie coming from dotnet.microsoft.com attempted to set domain to dotnetwebsite.azurewebsites.net
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html                                         [ <=>                                                                                                ] 300.57K  --.-KB/s    in 0.1s

2024-07-11 12:14:25 (2.08 MB/s) - ‘index.html’ saved [307782]
```

### curl/libcurl version

### operating system

Linux 63c63fd986c4 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun  3 11:32:55 UTC 2 aarch64 aarch64 aarch64 GNU/Linux

Ubuntucurl package

Comment 0 for bug 2073448

Ubuntu
curl package