[Pkg-openssl-devel] Bug#694667: Bug#694667: Partial solution for OpenSSL 1.0.1 bugs #665452, #666051, #2771

Kurt Roeckx kurt at roeckx.be
Wed Nov 28 21:34:47 UTC 2012


On Wed, Nov 28, 2012 at 02:15:05PM -0700, Zack Morris wrote:
> 
> sudo ifconfig eth0 mtu 1496
> 
> The issue seems to be caused by something with TLS hanging with
> fragmented packets.  Our network's MTU is 1496 instead of 1500.  The
> server would wait after the client sent the initial client hello
> message.  I tried everything from upgrading to 1.0.1-4ubuntu5.5 to
> passing CAfile and -cipher with no luck.  I am using Ubuntu 12.0.4 linux
> 3.2.0-24-generic.

This issue you're having seems to me totally unrelated to openssl,
just that for the host you're connecting to Path MTU Detection
doesn't work properly.  That's because some people filter too
much ICMP traffic.

If there is something in your network that limits it to 1496,
I suggest you set your mtu like that.  This will avoid many
problems.

ping with "-s 30000" should also work if nothing gets filtered.

A tool to diagnose those PMTUD problems is tracepath.


Kurt
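
The path MTU check discussed in this message can be scripted. The following is an added example, not part of the original message: it binary-searches the largest IPv4 packet that is answered with Don't Fragment set. It assumes Linux iputils `ping` (`-M do`); the function names `probe` and `find_path_mtu` are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented.
# Assumes Linux iputils ping, where "-M do" sets Don't Fragment.
# probe and find_path_mtu are hypothetical names, not from the original message.

# probe HOST PAYLOAD: succeed if a DF-set echo carrying PAYLOAD data bytes
# is answered within 2 seconds. A timeout counts as failure, which is how an
# oversized packet looks when ICMP "fragmentation needed" is filtered.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [MAX_MTU]: print the largest working packet size in bytes
# (payload + 20-byte IPv4 header + 8-byte ICMP header).
# Returns 1 if even an empty probe fails (host down or echo filtered).
find_path_mtu() {
    host=$1
    lo=0                        # payload known to work after the first probe
    hi=$(( ${2:-1500} - 28 ))   # largest payload worth trying
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid             # mid fits, search above it
        else
            hi=$(( mid - 1 ))   # mid is too large (or silently dropped)
        fi
    done
    echo $(( lo + 28 ))
}

# Run as: ./pmtu.sh HOST [MAX_MTU]
if [ "$#" -gt 0 ]; then
    find_path_mtu "$@"
fi
```

A result below the interface MTU means something on the path limits packet size; setting the interface MTU to that value is the workaround suggested above.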


