Should I be able to curl sites with TLS 1.0 in CentOS 5.11?

CentSO Paul
Posts: 1
Joined: 2016/09/17 00:37:12

Post by CentSO Paul » 2016/09/17 00:56:00

Hi, I'm new to CentOS and did my best to search both here and using Google's site: restrict for previous answers, so apologies in advance if this is a repeat of an old question.

I'm running a fresh instance of CentOS 5.11 and would like to curl an HTTPS site via the TLS 1.0 protocol. (My understanding is that TLS 1.1 and 1.2 require CentOS 6 or higher, unless I'm willing to install a newer version of openssl alongside the stock one, which I'd prefer not to do, primarily b/c I'd like to keep this tied together with cPanel later.)

So my main question is: Should I be able to curl sites with TLS 1.0?

I've noticed that when I use "curl -v -I https://<site address>", the highest protocol it will negotiate is SSLv3. I cannot get it to negotiate at TLSv1.0, even when I add the --tlsv1 flag. (An example is google.com.) However, when I visit howsmyssl.com from a browser on the same server, it confirms that my system supports TLS 1.0. Why can't I curl any sites and connect to them via TLS 1.0?

The only change from the stock installation I've made is adding -SSLv3 to /etc/httpd/conf.d/ssl.conf, but that didn't change anything on my outbound curl requests (I'm guessing this really only changes things for inbound requests to the server).

Thanks in advance.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Should I be able to curl sites with TLS 1.0 in CentOS 5.11?

Post by TrevorH » 2016/09/17 11:11:46

I don't know the answer to your question but if this is a fresh install then why would you choose to install CentOS 5? It has about 6 months of life left before it is orphaned and will receive no more security updates - and has barely had anything fixed for most of the last 2 years in any case. Even CentOS 6 has just had its last "feature" release and is headed towards sunset.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke