[Pkg-openssl-devel] Bug#665452: Bug#665452: libssl1.0.0: breaks HTTPS download of some sites (eg. https://sourceforge.net)

Bastian Kleineidam calvin at debian.org
Sat Mar 24 18:45:51 UTC 2012


Hello Kurt,

Am Saturday, 24. March 2012, 12:39:03 schrieb Kurt Roeckx:
> And forcing an SSL3 or TLS1 connection using s_client also works.
Can I configure this somehow to be the default for all applications
using libssl?

> On the other hand "gnutls-cli sourceforge.net" does work as
> expected.
Yes, there are some gnutls alternatives. Unfortunately the Perl and
Python https libraries are using libssl. In fact that is when I first
noticed the bug: my custom python script could not login to Sourceforge
anymore.

> So I think someone at sourceforge will have to take a look at this.
This upstream bug seems to be the same problem:
http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest
Unfortunately the developer does not seem to see that as a regression :-/

I guess the best choice for me right now is to keep using v1.0.0h.

Regards,
  Bastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20120324/6ca4cfe3/attachment.pgp>


More information about the Pkg-openssl-devel mailing list