curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443


Hi all,

$$ When I try to download docker-compose with curl,
curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

$$ I get this error
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443

$$ and with the curl -vvvv option

[user01@ip-105-12-2-121 ~]$ curl -vvvv -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 140.82.121.3...
* TCP_NODELAY set
* Connected to github.com (140.82.121.3) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443

$$ Curl version
curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.6/openssl/zlib nghttp2/1.33.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

$$ Openssl version
openssl-1.1.1k-7.el8_6.x86_64

$$ Redhat Version
Red Hat Enterprise Linux release 8.7 (Ootpa)

Thanks and regards to everyone who can help with this issue.

Responses

Hello Mustapha EL HACHIMI,

In the verbose curl command output, the connection seems to be established on port 443 to the destination site; however, it fails the TLS handshake process. If this is on a corporate or enterprise network, then check the gateway firewall, which might be blocking the SSL in-bound traffic; in such a case, you can try with the --insecure (though not recommended) curl command option. Also, check if there is a proxy in place, and it might be set to allow https traffic.

Hope this helps!

Hello Sadashiva Murthy,

Thanks for your answer. And you are right. This is a flow issue. I did check the firewall logs and found 443 dropped for my instance. Now the flow is enabled and the request works like a charm.

Thanks again.

Good to hear that it got fixed.
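
The diagnosis reached in this thread (TCP connects on 443, then the handshake dies right after the Client hello) can be checked with a small probe that reports which stage failed. This is an added example, not part of the original thread; `probe_tls` and `fake_middlebox` are hypothetical names, and the local listener is a constructed stand-in for a device that drops the flow.

```python
import socket
import ssl
import threading


def probe_tls(host, port, server_name=None, timeout=5.0):
    """Return (stage, detail) naming the step of an HTTPS connection that failed."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_connect_failed", repr(exc))  # refused, unreachable, or timed out
    ctx = ssl.create_default_context()  # system CA bundle, hostname check on
    try:
        with ctx.wrap_socket(sock, server_hostname=server_name or host):
            return ("ok", "TLS handshake completed")
    except ssl.SSLCertVerificationError as exc:
        # The peer answered the handshake: the path is open, trust is the problem.
        return ("cert_verify_failed", exc.verify_message)
    except ssl.SSLEOFError as exc:
        # Connection closed before a ServerHello arrived.
        return ("handshake_interrupted", repr(exc))
    except ssl.SSLError as exc:
        return ("tls_protocol_error", repr(exc))
    except OSError as exc:
        # Reset or timeout after the Client hello; curl shows SSL_ERROR_SYSCALL here.
        return ("handshake_interrupted", repr(exc))
    finally:
        sock.close()


def fake_middlebox(behaviour):
    """Constructed local listener: accepts TCP, then closes or stalls. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the Client hello, never answer it
        if behaviour == "stall":
            threading.Event().wait(3)  # silent drop: the client runs into its timeout
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(probe_tls("github.com", 443))
    print(probe_tls("127.0.0.1", fake_middlebox("close"), timeout=2))
```

A result of `handshake_interrupted` with a successful TCP connect points at the network path (firewall, proxy), while `cert_verify_failed` means the peer did answer and the certificate chain is what needs attention.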