For Debian 7 it works like in the post, not only on Fedora! For CentOS, curl -v --ciphers ecdhe_ecdsa_aes_128_sha URL works; use .curlrc.
cURL support for CloudFlare-enabled websites
CloudFlare provides nice protection from DDoS and other hacking activities, and last year they even added a free Universal SSL package for all users. The problem began with the cURL ciphers on CloudFlare-enabled websites: cURL does not successfully handshake with CloudFlare servers using its default encryption algorithms.
I tested my website using openssl s_client:

    openssl s_client -connect luxing.im:443

We can see the following output:

    ...
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    ...
OK, so it is using the ECDHE-RSA-AES128-GCM-SHA256 cipher to connect to my website.
Yes, now my curl is working. Let’s see the output:

    ...
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    ...
OK. It is actually using the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 algorithm, so forcing the cipher to use ecdhe_ecdsa_aes_128_gcm_sha_256 works.
My curl is:

    curl -V
    curl 7.37.0 (x86_64-redhat-linux-gnu) libcurl/7.37.0 NSS/3.17.4 Basic ECC zlib/1.2.8 libidn/1.28 libssh2/1.4.3
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
    Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Metalink

And I am on Fedora 20+.
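The cipher name that worked above is spelled in the NSS naming scheme, matching the NSS/3.17.4 backend in the curl -V output; a curl linked against OpenSSL expects the OpenSSL spelling of the same suite. The script below is an added example, not code from the original post: it picks the right spelling from curl -V output, prints the matching ~/.curlrc line, and extracts the suite curl reports. The function names are my own, and the embedded samples are the output lines shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): choose the --ciphers spelling
# that matches curl's TLS backend and confirm the suite curl negotiated.

# First line of `curl -V` as shown in the post.
SAMPLE_CURL_V='curl 7.37.0 (x86_64-redhat-linux-gnu) libcurl/7.37.0 NSS/3.17.4 Basic ECC zlib/1.2.8 libidn/1.28 libssh2/1.4.3'
# Line from `curl -v` as shown in the post.
SAMPLE_CURL_VERBOSE='* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'

# Read `curl -V` output on stdin; print the TLS backend family.
tls_backend() {
    IFS= read -r first_line || true
    case "$first_line" in
        *" NSS/"*)                    echo nss ;;
        *" OpenSSL/"*|*" LibreSSL/"*) echo openssl ;;
        *)                            echo unknown ;;
    esac
}

# Print the post's suite in the naming scheme the given backend expects.
ecdsa_gcm_cipher() {
    case "$1" in
        nss)     echo ecdhe_ecdsa_aes_128_gcm_sha_256 ;;  # NSS name, from the post
        openssl) echo ECDHE-ECDSA-AES128-GCM-SHA256 ;;    # OpenSSL name, same suite
        *)       return 1 ;;
    esac
}

# Read `curl -V` on stdin; print the matching ~/.curlrc line.
curlrc_line() {
    backend=$(tls_backend)
    name=$(ecdsa_gcm_cipher "$backend") || {
        echo "no cipher mapping for TLS backend: $backend" >&2
        return 1
    }
    printf 'ciphers = %s\n' "$name"
}

# Read `curl -v` output on stdin; print the suite curl says it negotiated.
negotiated_suite() {
    sed -n 's/^\* SSL connection using //p' | head -n 1
}

printf '%s\n' "$SAMPLE_CURL_V" | curlrc_line
printf '%s\n' "$SAMPLE_CURL_VERBOSE" | negotiated_suite
```

On a live system, pipe `curl -V` into curlrc_line and `curl -v URL 2>&1` into negotiated_suite instead of the samples. A ciphers line in ~/.curlrc applies to every host curl connects to, so passing --ciphers on the command line keeps the restriction scoped to the one site.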
Note:

1. The Debian/RHEL/CentOS series do not support this algorithm. You’ll have to open a ticket with CloudFlare support to discuss it with them.
2. According to this, git uses cURL to access https repositories, but this workaround won’t help. Too bad.