[Pkg-openssl-devel] OpenSSL can no longer pull certificate after upgrade
Kurt Roeckx
kurt at roeckx.be
Mon Apr 2 21:07:02 UTC 2012
On Mon, Apr 02, 2012 at 04:20:50PM -0400, Sam Rowe wrote:
> Hi,
>
> I fetch my mail with offlineimap which also broke as a result of a
> recent upgrade.
>
> I've tracked the problem down to openssl. On Debian Stable I'm able to
> run the following with no problem:
>
> openssl s_client -connect exg5.exghost.com:imaps -showcerts
>
> The certs are displayed very quickly and the imap process eventually
> times out as expected.
This is a known problem, upstream is working on a fixed version.
This can be worked around by using a smaller ClientHello message,
for instance by disabling TLS 1.1 and 1.2, or by disabling a
cipher like AES.
The easier way to work around it is to downgrade to the
1.0.0h version.
Kurt
More information about the Pkg-openssl-devel
mailing list