Specifying TLS Cipher with curl TransportOption

David Wen Riccardi-Zhu davidwen.riccardizhu at gooduncle.com
Tue Jun 2 13:51:44 UTC 2020


Thanks, Scott! I doubted myself and gave that a try, too:

<TransportOption provider="CURL" option="83">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</TransportOption>

As well as something like this:
<TransportOption provider="CURL" option="83">DEFAULT@SECLEVEL=1</TransportOption>

But I'm still getting the same error:
2020-06-02 12:32:56 ERROR XMLTooling.libcurl.InputStream : failed to set CURL transport option (83)
2020-06-02 12:32:56 ERROR XMLTooling.libcurl.InputStream : error while fetching https://idp-url-here: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
2020-06-02 12:32:56 ERROR XMLTooling.ParserPool : fatal error on line 0, column 0, message: internal error in NetAccessor
2020-06-02 12:32:56 ERROR OpenSAML.MetadataProvider.XML : error while loading resource (https://idp-url-here): XML error(s) during parsing, check log for specifics

Is there a way for me to see why the transport option is failing to set?

Many thanks again,

David

On Tue, Jun 2, 2020 at 12:43 PM Cantor, Scott <cantor.2 at osu.edu> wrote:

> > (I'm on CentOS, which uses NSS, hence the lowercase cipher name).
>
> You can't use NSS for this, you have to be using libcurl with OpenSSL and
> you'd use its syntax.
>
> -- Scott