touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #77894
Re: [Bug 861137] Re: Openssl TLS errors while connecting to SSLv3 sites
Hi Seth,
thank you for the quick reply. Actually the bug occurs with TLSv1 (not 1.2 apparently) and SSLv3. with pythons 2.7.9's ssl module it works for example since it tries tls1.2 by default. I will add this information later I just found it out since I needed a quick solution for a production issue.
Gruß
Patrick Helmig
Co-Founder SECDASH
Tel: +49170 1880969
Mail: ph@xxxxxxxxxxx
Web: http://secdash.com
> Am 13.05.2015 um 22:06 schrieb Seth Arnold <861137@xxxxxxxxxxxxxxxxxx>:
>
> Patrick, I suggest filing a new bug; this bug is about TLS errors while
> connecting to SSLv3 sites, but the site you listed specifically does not
> support SSLv3:
> https://www.ssllabs.com/ssltest/analyze.html?d=auslandsjahr%2dusa.com&s=104.28.16.100&latest
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/861137
>
> Title:
> Openssl TLS errors while connecting to SSLv3 sites
>
> Status in openssl package in Ubuntu:
> Confirmed
>
> Bug description:
> I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep
> 2011"
>
> Now, when I connect to certain HTTPs servers with wget or curl I get a
> TLS error.
>
> With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
> With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
>
> In wget, this can be fixed by specifying --secure-protocol=sslv3 option
> In curl, this can be fixed by specifying -sslv3 option
>
> The issue is that the automatic check for the version seems to be
> failing. This is working fine in Natty systems using older versions of
> openssl.
>
> The impact of this will be in scripts using curl, wget etc. which will
> start failing after an upgrade.
>
> Ubuntu version
>
> Description: Ubuntu oneiric (development branch)
> Release: 11.10
>
> OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011
>
> openssl:
> Installed: 1.0.0e-2ubuntu2
> Candidate: 1.0.0e-2ubuntu2
> Version table:
> *** 1.0.0e-2ubuntu2 0
> 500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
> 100 /var/lib/dpkg/status
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions
>
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/861137
Title:
Openssl TLS errors while connecting to SSLv3 sites
Status in openssl package in Ubuntu:
Confirmed
Bug description:
I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep
2011"
Now, when I connect to certain HTTPs servers with wget or curl I get a
TLS error.
With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
In wget, this can be fixed by specifying --secure-protocol=sslv3 option
In curl, this can be fixed by specifying -sslv3 option
The issue is that the automatic check for the version seems to be
failing. This is working fine in Natty systems using older versions of
openssl.
The impact of this will be in scripts using curl, wget etc. which will
start failing after an upgrade.
Ubuntu version
Description: Ubuntu oneiric (development branch)
Release: 11.10
OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011
openssl:
Installed: 1.0.0e-2ubuntu2
Candidate: 1.0.0e-2ubuntu2
Version table:
*** 1.0.0e-2ubuntu2 0
500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions
References
