curl 7.58 under proxy issue ssl wrong version

I just installed an Arch based distribution Antergos. Then I installed few packages with pacman. Now after a restart I am getting ssl errors while trying to clone git. fatal: unable to access 'https://xxxx@bitbucket.org/xxx/yyyy.git/ ': error:1408F10B:SSL routines:ssl3_get_record:wrong version number also curl to any https doesn't work. curl https://google.com curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number curl looks latest. $ curl --version curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 Release-Date: 2018-01-24 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL $ pacman -Q | egrep 'ssl|curl' curl 7.58.0-1 openssl 1.1.0.g-1 openssl-1.0 1.0.2.n-1 python-pycurl 7.43.0.1-1 $ ldd which curl linux-vdso.so.1 (0x00007ffdccee9000) libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007fe06a5a5000) libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fe06a387000) libc.so.6 => /usr/lib/libc.so.6 (0x00007fe069fd0000) libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x00007fe069dab000) libidn2.so.0 => /usr/lib/libidn2.so.0 (0x00007fe069b8e000) libpsl.so.5 => /usr/lib/libpsl.so.5 (0x00007fe069980000) libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fe069716000) libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007fe069299000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007fe06904b000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007fe068d63000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007fe068b30000) libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007fe06892c000) libz.so.1 => /usr/lib/libz.so.1 (0x00007fe068715000) /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fe06aa4a000) libunistring.so.2 => /usr/lib/libunistring.so.2 (0x00007fe068393000) libdl.so.2 => /usr/lib/libdl.so.2 (0x00007fe06818f000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007fe067f82000) libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007fe067d7e000) libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007fe067b67000) I am behind proxy $ proxytunnel -p PROXY_IP:PROXY_PORT -d www.google.com:443 -a 7000 $ openssl s_client -connect localhost:7000 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIEdjCCA16gAwIBAgIINC+Y7yLd9OswDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl cm5ldCBBdXRob3JpdHkgRzIwHhcNMTgwMjA3MjExMzI5WhcNMTgwNTAyMjExMTAw WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7lAOc gsUECzoiJfpnAtq9qxAeTWBS8KYCd3ESvd7255YXW8FUiGTj9MYSSJ3OlYQvvU1I NmnIXNU7BnhUBbY1kW4+GXc5RimwiIW5VsWftt1XOVZh5mR08DhYQjdQqI3IhK6r FTS6/6BvFcjWMT/rVQv59XDaQLqWXSomEzOr1vDRXZSbAPr+YAGKUj+K0TjgZNW1 8xo8Lyp8kDjFxrWaThfwFMosbFw5HnnzpT1WSHfmXmF1mvvk4cJ+U2m3+K2pRki8 nNnWafLPdT408XoXrbWLVeEVSIQQH5z93uoj5lESal05pnOY5yYUJ+vmHdY7jOBh sT9HaGzl3kD2J+1BAgMBAAGjggFBMIIBPTATBgNVHSUEDDAKBggrBgEFBQcDATAZ BgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYB BQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUH MAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFNGB jzGWH9WkzeHj88QOo3gBTBs+MAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUSt0G Fhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgGBmeB DAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB RzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBxOxsCFg7RIa0zVDI0N9rTNaPopqX9 yrIlK1u+C2ohrg5iF5XlTEzTuH43D/J0Lz550D9Cft4s6lWaNKpVDhNivEy2nzK5 ekuQKYtoQlIyfUnD5GnGZyr3m2AcMFnAAhlXVbyiJk0VNLDGCMVBaOuL/yT8X5dQ j8MrKSvZRaUt2oixE7fKGNv5nhs0wuHu1TEU/8R5UMxbJs8knMZsRcfsvzjXpEHC guA54xPnLFiU0QTw4GIFi5nDvfR5cF2UAJZNIF4o4sr4DB8+X7DWtBmMNHuR4Cpn HEdlVzOA7BAGx8yO6AddwJo8AlxviCaPol1xPB8uJCGh/U0/7XhtR93S -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2 --- No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: X25519, 253 bits --- SSL handshake has read 3790 bytes and written 261 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-CHACHA20-POLY1305 Session-ID: BEE4D8162570B4AB0C8121DEC5756B6DC063DB3E7321BB58FD12D566482AD99A Session-ID-ctx: Master-Key: B050C78AAC1A0DF5063263DDCD3437CD3A4029E7D5431E236936D2D88AAAD2555A18D92318C9E2E31A550E339D4C26A8 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 100800 (seconds) TLS session ticket: 0000 - 00 41 04 37 20 26 a1 bc-2b d0 86 8c 6b a5 74 ef .A.7 &..+...k.t. 0010 - 5c 82 0e d3 ec f7 97 0f-a9 9c cb e8 69 a8 0d 67 \...........i..g 0020 - 13 10 87 ec 22 da 60 d3-9b 98 f2 a4 ce 93 95 1c ....".`......... 0030 - 8f fa 71 57 b9 d9 9b 9f-14 9e 37 95 e5 70 e8 70 ..qW......7..p.p 0040 - 4b f5 ff c4 79 b6 f8 9c-32 f2 2a 13 81 1c 5b 9c K...y...2.*...[. 0050 - f3 52 26 df e6 8c db bd-23 c9 24 3e 46 8c 99 9a .R&.....#.$>F... 0060 - 13 53 69 5e 5d 2c c1 0f-e4 6d de df a9 33 af d9 .Si^],...m...3.. 0070 - 1f 89 e7 c1 d9 8a d1 05-1a 88 c2 27 e2 0a 56 0f ...........'..V. 0080 - 40 ec 5c ed a3 ca f4 1e-f8 83 85 3b 7e 22 7d f5 @.\........;~"}. 0090 - b4 b7 96 a5 ca 27 4b 40-61 88 9d 58 d3 d6 e9 e7 .....'K@a..X.... 00a0 - 1f 72 7c bf 25 24 f6 ab-83 a1 90 ae 97 92 d8 40 .r|.%$.........@ 00b0 - 14 3b 5d 07 cd 5a 79 bc-eb 6b ae 66 f1 42 0c 11 .;]..Zy..k.f.B.. 00c0 - a5 7e 68 f9 c1 51 6f 3d-7e f9 28 79 2a 32 d5 ea .~h..Qo=~.(y*2.. 00d0 - 90 4f ee 2c 84 ac 66 0b-8d dc .O.,..f... Start Time: 1519286347 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- read:errno=0 What is the solution ? **Update** Confirming this is necessarily a curl issue. I turn off proxy and connect directly curl https works. I set any other proxy server ip and port from https://free-proxy-list.net/ and then try to connect curl through proxy. I get the same error. So either this curl version has a bug or so many proxy servers are wrongly configured. **Update** I think the issue is related to Deepin DE. I switched from Deeping Desktop Environment to Standard Gnome and curl started working fine. Possibly this is a bug related to Deepin's Network Settings. Although it sets the environment variables correctly.