2

This question is related to: Homebrew gives SSL error (SSL_ERROR_SYSCALL) on home network

As Alexander Ekdahl points out in the comments, adding --ciphers ECDHE-RSA-AES128-GCM-SHA256 fixes the above problem.

I am not sure why curl won't work on my home network without me specifying the ciphers. Regardless, to solve this problem is there a way for me to specify that curl should use this option everytime it makes a request without me having to manually add the ciphers option everytime?

Improve this question
3
  • You can always just fix the SSL certificate.
    – Ramhound
    Commented Mar 1, 2018 at 16:44
  • @Ramhound - is there a problem with the certificate?
    – garethTheRed
    Commented Mar 2, 2018 at 6:57
  • Can you explain how @Ramhound?
    – philosopher
    Commented Mar 2, 2018 at 17:50

2 Answers 2

Reset to default
8

From the curl manual, simply add:

--ciphers ECDHE-RSA-AES128-GCM-SHA256

To ~/.curlrc.

Improve this answer
3
  • 1
    Thanks, is there any security risk if you do this?
    – philosopher
    Commented Mar 2, 2018 at 17:46
  • 1
    also do you know why this happen?
    – philosopher
    Commented Mar 2, 2018 at 18:01
  • 1
    Does your home network have a firewall? It may be carrying out HTTPS inspection, in which case it acts as a client and connects to your target website, de-crypts the connection to check it; then re-encrypts it with its own certificate. If this firewall is using deprecated ciphers you'll end up with this issue. Curl will try to use the best ciphers available to it. If the ciphers presented by this firewall isn't on the list acceptable to Curl, you have to force Curl to use a less secure cipher. Just a guess though :-)
    – garethTheRed
    Commented Mar 2, 2018 at 19:02
1

@philosopher

Check the manpage for curl and put the options you want in your ~/.curlrc file.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .