touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #92369
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
If it helps, this is affecting me on Wheezy as well.
$ cat /etc/debian_version
7.8
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
$ openssl s_client -connect example.com:443
CONNECTED(00000003)
140073850304168:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:749:
Python script using requests and bs4:
$ python rss.py
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Traceback (most recent call last):
File "rss.py", line 19, in <module>
feed = requests.get(x)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 69, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 50, in request
response = session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 465, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
Same script and URL using feedparser:
$ python rss.py
{'feed': {}, 'bozo': 1, 'bozo_exception': URLError(SSLError(1, '_ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error'),), 'entries': []}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1475228
Title:
openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
on TLS only configured server
Status in openssl package in Ubuntu:
New
Bug description:
(taken from http://askubuntu.com/questions/649000/openssl-curl-error-
ssl23-get-server-hellotlsv1-alert-internal-
error?noredirect=1#comment931621_649000)
We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04
Executing:
openssl s_client -connect ms.icometrix.com:443
gives:
CONNECTED(00000003)
140557262718624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
internal error:s23_clnt.c:770:
A similar error when executing:
curl https://ms.icometrix.com
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
internal error
Output of openssl version (on client/server):
OpenSSL 1.0.1f 6 Jan 2014
The funny thing is, the problem vanishes when connecting with other versions of Openssl:
From a mac, OpenSSL 0.9.8zd 8 Jan 2015, all ok
From centos, OpenSSL 1.0.1e-fips 11 Feb 2013, all ok
Latest stable release on Ubuntu 14.04, OpenSSL 1.0.2d 9 Jul 2015, all ok.
From server side, we do not see anything strange. The problem started when we disabled SSL3 on our machines.
Might there be a problem with the build in the apt-get?
We also test other versions, the one proposed by apt-cache showpkg,
but the problem remains...
BTW: I don't consider this the same as https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137?comments=al because, they're talking about SSL enabled servers.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions
