Specifying TLS Cipher with curl TransportOption

David Wen Riccardi-Zhu davidwen.riccardizhu at gooduncle.com
Tue Jun 2 13:51:44 UTC 2020

Thanks, Scott! I doubted myself and gave that a try, too:

<TransportOption provider="CURL"

As well as something like this:
<TransportOption provider="CURL" option="83">DEFAULT at SECLEVEL

But I'm still getting the same error:
2020-06-02 12:32:56 ERROR XMLTooling.libcurl.InputStream : failed to set
CURL transport option (83)
2020-06-02 12:32:56 ERROR XMLTooling.libcurl.InputStream : error while
fetching https://idp-url-here: (35) error:141A318A:SSL
routines:tls_process_ske_dhe:dh key too small
2020-06-02 12:32:56 ERROR XMLTooling.ParserPool : fatal error on line 0,
column 0, message: internal error in NetAccessor
2020-06-02 12:32:56 ERROR OpenSAML.MetadataProvider.XML : error while
loading resource (https://idp-url-here): XML error(s) during parsing, check
log for specifics

Is there a way for me to see why the transport option is failing to set?

Many thanks again,


On Tue, Jun 2, 2020 at 12:43 PM Cantor, Scott <cantor.2 at osu.edu> wrote:

> > (I'm on CentOS, which uses NSS, hence the lowercase cipher name).
> You can't use NSS for this, you have ot be using libcurl with OpenSSL and
> you'd use its syntax.
> -- Scott
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200602/3516b730/attachment.htm>

More information about the users mailing list