Should I be able to curl sites with TLS 1.0 in CentOS 5.11?

Post by CentSO Paul » 2016/09/17 00:56:00

Hi, I'm new to CentOS and did my best to search both here and using Google's site: restrict for previous answers, so apologies in advance if this is a repeat of an old question.

I'm running a fresh instance of CentOS 5.11 and would like to curl an HTTPS site via the TLS 1.0 protocol. (My understanding is that TLS 1.1 and 1.2 require CentOS 6 or higher, unless I'm willing to install a newer version of openssl alongside the stock one, which I'd prefer not to do, primarily b/c I'd like to keep this tied together with cPanel later.)

So my main question is: Should I be able to curl sites with TLS 1.0?

I've noticed that when I use "curl -v -I https://<site address>", the highest protocol it will negotiate is SSLv3. I cannot get it to negotiate at TLSv1.0, even when I add the --tlsv1 flag. (An example is google.com.) However, when I visit howsmyssl.com from a browser on the same server, it confirms that my system supports TLS 1.0. Why can't I curl any sites and connect to them via TLS 1.0?

The only change from the stock installation I've made is adding -SSLv3 to /etc/httpd/conf.d/ssl.conf, but that didn't change anything on my outbound curl requests (I'm guessing this really only changes things for inbound requests to the server).

Thanks in advance.

Post by TrevorH » 2016/09/17 11:11:46

I don't know the answer to your question but if this is a fresh install then why would you choose to install CentOS 5? It has about 6 months of life left before it is orphaned and will receive no more security updates - and has barely had anything fixed for most of the last 2 years in any case. Even CentOS 6 has just had its last "feature" release and is headed towards sunset.