Тупо форсят (неподдерживаемый) TLSv1.3:
Нет, всё несколько сложнее ...
Можно подключиться и с TLS 1.2:
> curl --tls-max 1.2 --http1.1 --ca-native -vI https://www.fandom.com/ * Host www.fandom.com:443 was resolved. * IPv6: (none) * IPv4: 199.232.208.194, 199.232.212.194 * Trying 199.232.208.194:443... * Connected to www.fandom.com (199.232.208.194) port 443 * ALPN: curl offers http/1.1 * TLSv1.2 (OUT), TLS handshake, Client hello (1): * successfully imported Windows ROOT store * successfully imported Windows CA store * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / [blank] / UNDEF * ALPN: server accepted http/1.1 * Server certificate: * subject: CN=*.fandom.com * start date: Jan 19 18:13:29 2024 GMT * expire date: Feb 19 18:13:28 2025 GMT * subjectAltName: host "www.fandom.com" matched cert's "*.fandom.com" * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1 * SSL certificate verify ok. * Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 2: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
но "в перехвате" это всё равно не работает:
> "bin/curl" --tls-max 1.2 --http1.1 --ca-native -vI https://www.fandom.com/ * Host www.fandom.com:443 was resolved. * IPv6: (none) * IPv4: 199.232.212.194, 199.232.208.194 * Trying 199.232.212.194:443... * Connected to www.fandom.com (199.232.212.194) port 443 * ALPN: curl offers http/1.1 * TLSv1.2 (OUT), TLS handshake, Client hello (1): * successfully imported Windows ROOT store * successfully imported Windows CA store * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.fandom.com:443 * Closing connection curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.fandom.com:443