Тупо форсят (неподдерживаемый) TLSv1.3:
Нет, всё несколько сложнее ...
Можно подключиться и с TLS 1.2:
> curl --tls-max 1.2 --http1.1 --ca-native -vI https://www.fandom.com/
* Host www.fandom.com:443 was resolved.
* IPv6: (none)
* IPv4: 199.232.208.194, 199.232.212.194
* Trying 199.232.208.194:443...
* Connected to www.fandom.com (199.232.208.194) port 443
* ALPN: curl offers http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* successfully imported Windows ROOT store
* successfully imported Windows CA store
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.fandom.com
* start date: Jan 19 18:13:29 2024 GMT
* expire date: Feb 19 18:13:28 2025 GMT
* subjectAltName: host "www.fandom.com" matched cert's "*.fandom.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
но "в перехвате" это всё равно не работает:
> "bin/curl" --tls-max 1.2 --http1.1 --ca-native -vI https://www.fandom.com/
* Host www.fandom.com:443 was resolved.
* IPv6: (none)
* IPv4: 199.232.212.194, 199.232.208.194
* Trying 199.232.212.194:443...
* Connected to www.fandom.com (199.232.212.194) port 443
* ALPN: curl offers http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* successfully imported Windows ROOT store
* successfully imported Windows CA store
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.fandom.com:443
* Closing connection
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.fandom.com:443
Сообщение было изменено basid: 18 Июнь 2024 - 08:41