← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #69478

[Bug 1442970] [NEW] Connecting to TLSv1.2 only servers fails without explicitly specifying protocol

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Package version: 1.0.1-4ubuntu5.25

Recently one of my IRC networks changed to TLSv1.2 only and I was unable
to connect. The version of OpenSSL in precise appears to have problems
connecting to servers that only accept TLSv1.2.

ZNC:
<*status> Disconnected from IRC (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure). Reconnecting...

irssi:
22:15 -!- Irssi: warning SSL handshake failed: sslv3 alert handshake failure
22:15 -!- Irssi: Connection lost to irc.p2p-network.net

OpenSSL:
$ openssl s_client -connect irc.p2p-network.net:6697
CONNECTED(00000005)
139964049446560:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:732:

Explicitly specifying TLSv1.2 works:
$ openssl s_client -connect irc.p2p-network.net:6697 -tls1_2
CONNECTED(00000005)
...
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384


In vivid (openssl 1.0.1f-1ubuntu11):
$ openssl s_client -connect irc.p2p-network.net:6697
CONNECTED(00000003)
...
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: precise

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1442970

Title:
  Connecting to TLSv1.2 only servers fails without explicitly specifying
  protocol

Status in openssl package in Ubuntu:
  New

Bug description:
  Package version: 1.0.1-4ubuntu5.25

  Recently one of my IRC networks changed to TLSv1.2 only and I was
  unable to connect. The version of OpenSSL in precise appears to have
  problems connecting to servers that only accept TLSv1.2.

  ZNC:
  <*status> Disconnected from IRC (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure). Reconnecting...

  irssi:
  22:15 -!- Irssi: warning SSL handshake failed: sslv3 alert handshake failure
  22:15 -!- Irssi: Connection lost to irc.p2p-network.net

  OpenSSL:
  $ openssl s_client -connect irc.p2p-network.net:6697
  CONNECTED(00000005)
  139964049446560:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:732:

  Explicitly specifying TLSv1.2 works:
  $ openssl s_client -connect irc.p2p-network.net:6697 -tls1_2
  CONNECTED(00000005)
  ...
  New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : AES256-GCM-SHA384


  In vivid (openssl 1.0.1f-1ubuntu11):
  $ openssl s_client -connect irc.p2p-network.net:6697
  CONNECTED(00000003)
  ...
  New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : AES256-GCM-SHA384

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1442970/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next