Curl fails with ntlm proxy

My work uses an NTLM proxy. On my Linux servers and workstations we us cntlm to authenticate. I'm not having any issues with yum,wget, or the web browser, but for some reason curl refuses to work correctly. [root@rhel7 ~]# curl -vv https://get.docker.com/ * About to connect() to get.docker.com port 443 (#0) * Trying 52.84.21.59... * Connected to get.docker.com (52.84.21.59) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -5938 (PR_END_OF_FILE_ERROR) * Encountered end of file * Closing connection 0 curl: (35) Encountered end of file Here is my version information: [root@rhel7 ~]# curl -V -v curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.16.2.3 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz Of course, it works if I connect to localhost: [root@rhel7 ~]# curl -vv localhost/mediawiki/ * About to connect() to proxy 127.0.0.1 port 3128 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) > GET HTTP://localhost/mediawiki/ HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 301 Moved Permanently < Date: Mon, 01 Feb 2016 19:43:50 GMT < Server: Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 < X-Powered-By: PHP/5.4.16 < X-Content-Type-Options: nosniff < Vary: Accept-Encoding,Cookie < Expires: Thu, 01 Jan 1970 00:00:00 GMT < Cache-Control: private, must-revalidate, max-age=0 < Last-Modified: Mon, 01 Feb 2016 19:43:50 GMT < Location: http://rhel7/mediawiki/index.php/Main_Page < Content-Length: 0 < Keep-Alive: timeout=5, max=100 < Connection: keep-alive < Content-Type: text/html; charset=utf-8 < Proxy-Connection: keep-alive < * Connection #0 to host 127.0.0.1 left intact And: [root@rhel7 ~]# uname -a Linux rhel7.example.com 3.10.0-327.4.5.el7.x86_64 #1 SMP Thu Jan 21 04:10:29 EST 2016 x86_64 x86_64 x86_64 GNU/Linux cntlm.conf: [root@rhel7 ~]# grep -v "#" /etc/cntlm.conf Username John.Smith Domain EXAMPLE.COM Proxy 159.29.10.10:8080 Auth NTLMv2 PassNTLMv2 121212121212121212112121212 Listen 3128 NoProxy localhost, 127.0.0.*, 10.*, 192.168.*