Cannot connect to HTTPS

[alexisbg]

Your Windows build number: 10.0.17763.195
Linux kernel version: 4.4.0-17763-Microsoft #194-Microsoft Mon Dec 03 17:58:00 PST 2018 x86_64 x86_64 x86_64 GNU/Linux
Distribution: Ubuntu 18.04

What you're doing and what's happening:
Since Windows 10 October 2018 Update has been installed, WSL is unable to establish SSL/TLS connections. By instance, if I try a HTTPS URL with curl:

user@HOSTNAME:~$ curl --verbose https://packages.microsoft.com/ubuntu/18.04/prod
*   Trying 13.80.10.205...
* TCP_NODELAY set
* Connected to packages.microsoft.com (13.80.10.205) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to packages.microsoft.com:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to packages.microsoft.com:443

And this is the same with wget or apt update, even when Windows' firewall and antivirus have been disabled. But there is no problem with HTTP requests.

[therealkenc]

$ powershell.exe "Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct" | grep displayName

[alexisbg]

Thanks. Here is the result:

$ powershell.exe "Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct" | grep displayName
displayName              : Windows Defender
displayName              : Kaspersky Free

[therealkenc]

displayName : Kaspersky Free

Uninstall it. Start over.

[alexisbg]

Thank you again for your help.

You are right, the culprit is Kaspersky. If you pause its protection, HTTPS still fails. But you do not need to fully uninstall it. You can simply exit it before running some HTTPS requests in WSL and start it again after.

You can also modify some Network settings in Settings > Additional > Network. There are 3 solutions:

• Disable monitoring of HTTPS/443 port
• Disable encrypted connections scanning
• Add the domain names you usually call, like those called by apt update

I guess the 2 first ones can be a security issue... But latest one seems to be a good workaround.

[j2l]

I lost 3 hours on this one. I got silent fail from curl and wget, errors from NodeJS (because of curl -s in the downloaded install.sh and "no reply" = "stretch not supported", debian finally blamed and replaced by ubuntu 18 ... same silent fart.
Since curl -sL https://deb.nodesource.com/setup_ is SILENT (-s), you don't see the error to get to this ticket.
Thanks for the Kaspersky details. I think I'll switch to another AV, more verbose. Any hint?

[Peppershaker]

Thank you again for your help.

You are right, the culprit is Kaspersky. If you pause its protection, HTTPS still fails. But you do not need to fully uninstall it. You can simply exit it before running some HTTPS requests in WSL and start it again after.

You can also modify some Network settings in Settings > Additional > Network. There are 3 solutions:

* Disable monitoring of HTTPS/443 port

* Disable encrypted connections scanning

* Add the domain names you usually call, like those called by apt update

I guess the 2 first ones can be a security issue... But latest one seems to be a good workaround.

real mvp

[awerdx520]

I only used Windows Defender, and my use of HTTPS apt update sources is normal, only curl, wget is not correct (git HTTPS is normal).Is there a solution?Is it defender?

[Satont]

Same issue for me.

Windows version:

Microsoft Windows [Version 10.0.19041.388]

WSL distros

PS C:\Users\Satont> wsl --list --verbose
  NAME      STATE           VERSION
* Debian    Running         2
  Ubuntu    Stopped         2

Debian kernel version:

satont@sempai  ~  uname -a
Linux sempai 4.19.104-microsoft-standard #1 SMP Wed Feb 19 06:37:35 UTC 2020 x86_64 GNU/Linux

I don't have any antiviruses, firewall is disabled.

[edarioq]

Same issue ! This post is several months old, is this still broken ? It's like one of the most important things for a dev machine to have working...

Windows

Windows 10 Pro
Version 20H2
OS build 19042.685

WSL

   NAME      STATE          VERSION
 * Ubuntu    Running        2

Ubuntu

Linux version 4.19.128-microsoft-standard (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Tue Jun 23 12:58:10 UTC 2020

[gradinarot]

Has anyone managed to resolve this?

[edarioq]

@gradinarot What fixed it for me is using Ubuntu 18 instead of 20.

[janpfeifer]

Any other solutions ? I fiddled around Windows Defender Firewall, but even disabling it has no effect on the filtering of the SSL connections ... very odd.

[janpfeifer]

MTU !? As in TCP MTU (https://en.wikipedia.org/wiki/Maximum_transmission_unit) ?

After poking around I found this:

https://gist.github.com/noelbundick/9c804a710eb76e1d6a234b14abf42a52#file-excludewsl-ps1

(edited)

I thought that had solved the issue, but I mistyped my test (replaced https with http), my bad.

I also played around with changing the MTU of the Windows interface (the WSL ifconfig mtu was not changeable ...), but it didn't have any impact on the connection :\ ... any ideas ?