touch-packages team mailing list archive

Thread
Date

[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Timmie <1475228@xxxxxxxxxxxxxxxxxx>
Date: Sun, 06 Sep 2015 12:04:25 -0000
Reply-to: Bug 1475228 <1475228@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Same issue here when connecting to https://bootswatch.com via python-
requests

Linux Mint 17.2 Rafaela / Ubuntu 14.04 LTS

dpkg -l openssl
1.0.1f-1ubuntu2.15


openssl s_client -ssl3 -connect bootswatch.com:443

shows:

140204664612512:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140204664612512:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598

openssl s_client -connect bootswatch.com:443
CONNECTED(00000003)
140005724673696:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770:

curl bootswatch.com:443 -3
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>cloudflare-nginx</center>
</body>
</html>


See further info similar observation:
http://stackoverflow.com/a/22858593

Why doe this happen & what could eb done?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1475228

Title:
  openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
  on TLS only configured server

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  (taken from http://askubuntu.com/questions/649000/openssl-curl-error-
  ssl23-get-server-hellotlsv1-alert-internal-
  error?noredirect=1#comment931621_649000)

  
  We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04

  Executing:

  openssl s_client -connect ms.icometrix.com:443
  gives:

  CONNECTED(00000003)
  140557262718624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
  internal error:s23_clnt.c:770:
  A similar error when executing:

  curl https://ms.icometrix.com
  curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
  internal error
  Output of openssl version (on client/server):

  OpenSSL 1.0.1f 6 Jan 2014
  The funny thing is, the problem vanishes when connecting with other versions of Openssl:

  From a mac, OpenSSL 0.9.8zd 8 Jan 2015, all ok
  From centos, OpenSSL 1.0.1e-fips 11 Feb 2013, all ok
  Latest stable release on Ubuntu 14.04, OpenSSL 1.0.2d 9 Jul 2015, all ok.
  From server side, we do not see anything strange. The problem started when we disabled SSL3 on our machines.

  Might there be a problem with the build in the apt-get?

  We also test other versions, the one proposed by apt-cache showpkg,
  but the problem remains...

  
  BTW: I don't consider this the same as https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137?comments=al because, they're talking about SSL enabled servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions