[Pkg-openssl-devel] Bug#689529: libssl1.0.0: Cannot connect to www.labanquepostale.fr:443
Kurt Roeckx
kurt at roeckx.be
Wed Oct 3 17:18:24 UTC 2012
On Wed, Oct 03, 2012 at 06:55:21PM +0200, Jean-Christophe Dubacq wrote:
> Package: libssl1.0.0
> Version: 1.0.1c-4
> Severity: normal
>
> Dear Maintainer,
>
> The following site (a major bank in France) does not
> work with openssl > 1.0.0h-1:
>
> openssl s_client -connect www.labanquepostale.fr:443
> CONNECTED(00000003)
[...]
> It worked in 1.0.0h.
This seems to be an other case of a site having a problem with
a long client hello.
The only known cause of this is that they might use a product
from F5 Networks using their BigIP prodcut. I suggest you
contact the bank and let them know that they should upgrade
their software.
As work around you can do the following things:
- Limit the number of ciphers.
- Don't use TLS 1.2
Kurt
More information about the Pkg-openssl-devel
mailing list