linux wget secure authentication

Question

I am trying to download a serious of scripts ... unfortunately it doesn't work.

shell:

$ wget --secure-protocol=TLSv1 --user=username --password=password --no-check-certificate https://www.example.com/bla/foo/bar/secure/1.pdf

respond:

--2014-10-06 12:49:26--  https://www.example.com/bla/foo/bar/secure/1.pdf
Resolving www.example.com (www.example.com)... xxx.xxx.xx.xx
Connecting to www.example.com (www.example.com)| xxx.xxx.xx.xx|:443... connected.
OpenSSL: error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
Unable to establish SSL connection.

Answer 1

There can be lots of reasons why this fails with this error, among them:

• server is unable to cope with newer TLS versions
• server requires client authentication
• server has a misbehaving SSL load balancer in front
• there is a firewall between you and the server rejecting your traffic after initial inspection

That's all which can be said from the information you provide. You might check the server against sslabs to get more information or provide more details in your question, like the real URL.

Edit: The requested server is www2.cs.fau.de. This server supports only SSLv3 and croaks on TLSv1 (instead of just responding with SSLv3), so you need to enforce SSLv3 with wget:

wget --secure-protocol=SSLv3 ...

The certificate of the server can be verified against the usual trusted CA on Linux, so you probably don't need the --no-check-certificate option.

Most browsers can access this site because they automatically downgrade to older SSL versions if connects with more modern versions does not succeed, but tools like curl or wget do not retry with downgraded versions.