[Pkg-openssl-devel] Bug#680137: Bug#680137: irssi: Can't connect to SSL-enabled server after upgrading libssl
John Morrissey
jwm at horde.net
Sat Apr 6 22:25:42 UTC 2013
On Sat, Apr 06, 2013 at 09:07:50PM +0200, Kurt Roeckx wrote:
> On Sat, Apr 06, 2013 at 01:47:51PM -0400, John Morrissey wrote:
> > On Fri, Jan 11, 2013 at 03:10:32PM +0100, Clement Hermann (nodens) wrote:
> > > With some more test and some help from a friend, we made some progress.
> > >
> > > It *does* work when adding -no_tls1_1 option to openssl s_client.
> > >
> > > It works if the server allows renegociation : I can connect to
> > > freenode.
> > >
> > > It seems to be #665452 again, or a variant.
> > >
> > > Anyway, that explains why it works in ubuntu. The patch
> > > tls12_workarounds.patch (attached) works around it (but I'm not
> > > qualified to tell whether this is an acceptable solution or not).
> >
> > I noticed the same thing with ircd-hybrid (rebuilt per the package's
> > instructions to enable SSL support) after upgrading to wheezy recently.
> >
> > wheezy's irssi refused to connect to the ircd, which was running on the
> > local host and linked to the same version of OpenSSL:
> >
> > 140308295767720:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1355:
>
> Can you reproduce this problem with s_client trying to connect to
> the irc server?
>
> Looking at the hybrid source, it doesn't seem to contain any
> calls to something like OpenSSL_add_all_algorithms(). My
> guess would be that adding that call would fix the problem.
Hm, I tried just now, but couldn't reproduce with s_client. However, the
issue was still reproducible with irssi+openssl 1.0.1e.
john
--
John Morrissey _o /\ ---- __o
jwm at horde.net _-< \_ / \ ---- < \,
www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__
More information about the Pkg-openssl-devel
mailing list