← Back to team overview

touch-packages team mailing list archive

[Bug 1442970] Re: Connecting to TLSv1.2 only servers fails without explicitly specifying protocol

 

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.27

---------------
openssl (1.0.1-4ubuntu5.27) precise-security; urgency=medium

  * debian/patches/tls12_client_env.patch: Re-enable TLSv1.2 support on the
    client by default. For problematic setups, it can be disabled again by
    setting OPENSSL_NO_CLIENT_TLS1_2 in the environment during library
    initialization. (LP: #1442970)

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Mon, 27 Apr 2015
13:13:18 -0400

** Changed in: openssl (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1442970

Title:
  Connecting to TLSv1.2 only servers fails without explicitly specifying
  protocol

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  Package version: 1.0.1-4ubuntu5.25

  Recently one of my IRC networks changed to TLSv1.2 only and I was
  unable to connect. The version of OpenSSL in precise appears to have
  problems connecting to servers that only accept TLSv1.2.

  ZNC:
  <*status> Disconnected from IRC (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure). Reconnecting...

  irssi:
  22:15 -!- Irssi: warning SSL handshake failed: sslv3 alert handshake failure
  22:15 -!- Irssi: Connection lost to irc.p2p-network.net

  OpenSSL:
  $ openssl s_client -connect irc.p2p-network.net:6697
  CONNECTED(00000005)
  139964049446560:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:732:

  Explicitly specifying TLSv1.2 works:
  $ openssl s_client -connect irc.p2p-network.net:6697 -tls1_2
  CONNECTED(00000005)
  ...
  New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : AES256-GCM-SHA384


  In vivid (openssl 1.0.1f-1ubuntu11):
  $ openssl s_client -connect irc.p2p-network.net:6697
  CONNECTED(00000003)
  ...
  New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : AES256-GCM-SHA384

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1442970/+subscriptions


References