Wget TLS 1.2 error

sslwget

According to the manual, I should be able to specify TLS version 1.2 when using wget.

When I try, it fails.

wget https://site --no-check-certificate --secure-protocol=TLSv1_2
wget: --secure-protocol: Invalid value ‘TLSv1_2’.

If I use wget https://site --no-check-certificate --secure-protocol=TLSv1, it works just fine.

Version information:

wget --version
GNU Wget 1.15 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 
    -I../../lib -D_FORTIFY_SOURCE=2 -I/usr/include -g -O2 
    -fstack-protector --param=ssp-buffer-size=4 -Wformat 
    -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall 
Link: 
    gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat 
    -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall 
    -Wl,-Bsymbolic-functions -Wl,-z,relro -L/usr/lib -lssl -lcrypto 
    -ldl -lz -lidn -luuid ftp-opie.o openssl.o http-ntlm.o 
    ../lib/libgnu.a 

Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.

Best Answer

As written on the project page of wget, the secure protocols TLSv1_1 and TLSv1_2 were added in wget version 1.16.1. Your wget 1.15 does not support it.

Ressources:

http://savannah.gnu.org/forum/forum.php?forum_id=8159

Related Solutions

CURL/wget – SSLv3, TLS handshake, CERT hangs

curl -v --trace-time https://www.google.de

21:50:34.054955 * About to connect() to www.google.de port 443
21:50:34.056574 *   Trying 74.125.39.104... connected
21:50:34.104587 * Connected to www.google.de (74.125.39.104) port 443
21:50:34.313259 * successfully set certificate verify locations:
21:50:34.313349 *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
21:50:34.313758 * SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-SHA
21:50:34.418541 * Server certificate:
21:50:34.418631 *        subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
21:50:34.418726 *        start date: 2011-10-26 00:00:00 GMT
21:50:34.418799 *        expire date: 2013-09-30 23:59:59 GMT
21:50:34.418902 * SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'
21:50:34.419000 * Closing connection #0
21:50:34.419124 * SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'

It seems you are not able to verify the certificate since you are missing the ca-bundle.crt. This belongs (in CentOS 5) to the openssl-rpm.

“Short write” error message with wget

Old question but hey, no man pages and no df -i option while dling an ISO file.... sounds to me just like it's VMWare ESXi. In which case, all of your storage space will be assigned to your /vmfs/volumes/datastore1/ folder. This command will put the ISO where you need it for adding new VMs.

cd /vmfs/volumes/datastore1/ && wget http://centos.mbni.med.umich.edu/..../CentOS-6.2-x86_64-netinstall.iso

Related Question