[Pkg-openssl-devel] Bug#680137: Bug#680137: irssi: Can't connect to SSL-enabled server after upgrading libssl

John Morrissey jwm at horde.net
Sat Apr 6 22:25:42 UTC 2013


On Sat, Apr 06, 2013 at 09:07:50PM +0200, Kurt Roeckx wrote:
> On Sat, Apr 06, 2013 at 01:47:51PM -0400, John Morrissey wrote:
> > On Fri, Jan 11, 2013 at 03:10:32PM +0100, Clement Hermann (nodens) wrote:
> > > With some more test and some help from a friend, we made some progress.
> > > 
> > > It *does* work when adding -no_tls1_1 option to openssl s_client.
> > > 
> > > It works if the server allows renegociation : I can connect to
> > > freenode.
> > > 
> > > It seems to be #665452 again, or a variant.
> > > 
> > > Anyway, that explains why it works in ubuntu. The patch
> > > tls12_workarounds.patch (attached) works around it (but I'm not
> > > qualified to tell whether this is an acceptable solution or not).
> > 
> > I noticed the same thing with ircd-hybrid (rebuilt per the package's
> > instructions to enable SSL support) after upgrading to wheezy recently.
> > 
> > wheezy's irssi refused to connect to the ircd, which was running on the
> > local host and linked to the same version of OpenSSL:
> > 
> >   140308295767720:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1355:
> 
> Can you reproduce this problem with s_client trying to connect to
> the irc server?
> 
> Looking at the hybrid source, it doesn't seem to contain any
> calls to something like OpenSSL_add_all_algorithms().  My
> guess would be that adding that call would fix the problem.

Hm, I tried just now, but couldn't reproduce with s_client. However, the
issue was still reproducible with irssi+openssl 1.0.1e.

john
-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__



More information about the Pkg-openssl-devel mailing list