Could be IPv6 related, because with IPv4 it works: rudolf@variable-7400:~$ curl --verbose https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig * Trying 199.185.178.81:443... * Connected to ftp.openbsd.org (199.185.178.81) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: CN=ftp.openbsd.org * start date: Sep 19 15:39:09 2023 GMT * expire date: Dec 18 15:39:08 2023 GMT * subjectAltName: host "ftp.openbsd.org" matched cert's "ftp.openbsd.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * using HTTP/1.x > GET /pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig HTTP/1.1 > Host: ftp.openbsd.org > User-Agent: curl/7.88.1 > Accept: */* > < HTTP/1.1 200 OK
On Wed, 2023-10-25 at 10:49 +0200, Martin Schröder wrote: > Hi, > downloading the latest patches on 7.4 fails with > > > curl --verbose > > https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig > * Trying [2620:3d:c000:178::81]:443... > * Connected to ftp.openbsd.org (2620:3d:c000:178::81) port 443 > * ALPN: curl offers h2,http/1.1 > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * CAfile: /etc/ssl/cert.pem > * CApath: none > * LibreSSL/3.8.2: error:1400442E:SSL > routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version > * Closing connection > curl: (35) LibreSSL/3.8.2: error:1400442E:SSL > routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version > > Best > Martin >
