OS: CentOS release 6.9 (Final)

CURL: curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

Hello,

I have a host which I am trying to run a curl command from, for testing only

curl https://api.twitter.com/ -v

Returns the below

* About to connect() to api.twitter.com port 443 (#0)
*   Trying 104.244.42.2... connected
* Connected to api.twitter.com (104.244.42.2) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

After some lengthy reading I have come to the conclusion this is possibly a SLL issue due to either my OS version or CURL version, or both!

First question would be is that right? Are there indeed known issues with this configuration?

Second, can I build from source a working combination? I am unable to update my OS due to legacy dependencies

Try with specific ssl/tls or cipher suits for example: curl --tlsv1.2 https://api.twitter.com/

Since you say this is for testing only, you could try -k to connect insecurely:

curl -k https://api.twitter.com/

Or, if you think it’s an outdated SSL cert bundle you could download a newer certificate and trust store from the internet and try that by using the --cert and --cacert options

Rebuild a fresh server running centos 7

Worked straight away no issues!