curl (56) when TLS is enabled

by CIsForCookies   Last Updated August 14, 2018 09:02 AM

I have 2 clients I'm using to fetch files from 2 different Servers using curl.

The command I use is this (IP differs between the servers):

  curl -s -S --stderr err_log -k --user U:1 -o pkg.tgz --cert cert.pem --key pkey.pem ftps://10.10.10.10:21/file.tgz

From the 1st server I get the files, but from the 2nd, I always fail with:

curl: (56) OpenSSL SSL_read: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number, errno 0

I checked vsftpd.conf in both servers (and restarted vsftpd service, just in case) and there are a few differences:

  1. listen_port=21: Working server (WS) has line listen_port=21 where not-working server (NWS) doesn't. I fixed that (removed from WS) and still got it working...
  2. rsa_cert_file:: the file's name is different, but that shouldn't affect anything
  3. ca_certs_file:: the file's name is different also, but that shouldn't affect anything

Also tried playing with --tlsv1, --sslv2, --sslv3 with no success.

I've seen some posts, but nothing really helpful.


This is the NWS (not-working-server) vsftpd.conf (at least the SSL part):

# SSL configuration
ssl_enable=YES
allow_anon_ssl=NO
force_anon_data_ssl=YES
force_anon_logins_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/ssl/private/***
rsa_private_key_file=/etc/ssl/private/***

require_ssl_reuse=NO
ssl_ciphers=HIGH

require_cert=YES
validate_cert=YES

ca_certs_file=/etc/ssl/private/***

implicit_ssl=YES
pasv_enable=YES
pasv_min_port=21000
pasv_max_port=21010

debug_ssl=YES
dual_log_enable=YES


Related Questions


How to enable HTTP/2 support for cURL?

Updated February 26, 2016 04:01 AM

Can't install php7 curl

Updated March 01, 2018 11:02 AM

Ubuntu web server: ftp connection timeout

Updated April 20, 2015 01:00 AM

vsftpd restrict users to home directory

Updated August 05, 2015 17:01 PM

Ubuntu Server 14.04 FTP not working

Updated May 20, 2015 05:00 AM