[Pkg-openssl-devel] Bug#701826: libssl1.0.0: "handshake failure" messages with openconnect
Ray Kohler
ataraxia937 at gmail.com
Wed Feb 27 16:07:33 UTC 2013
Package: libssl1.0.0
Version: 1.0.1e-1
Severity: normal
After upgrading libssl1.0.0 from 1.0.1c-4 to 1.0.1e-1, using the
openconnect VPN client (version 3.20-3, both before and after the
openssl upgrade) produces many of these messages, about one pair per
minute:
Feb 27 09:08:52 asenath openconnect[4692]: DTLS handshake failed: 1
Feb 27 09:08:52 asenath openconnect[4692]: 140011978094248:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1166:SSL alert number 40
Within the first minute after starting openconnect, I also see one like
this, which doesn't recur:
Feb 27 09:07:50 asenath openconnect[4692]: DTLS handshake failed: 2
None of these appeared before this upgrade.
I don't see any impact on openconnect's actual functionality, so it
appears to retry in some manner more acceptable to openssl.
It is, of course, possible that the openssl change is perfectly correct,
and that this bug should be reassigned to openconnect for a
"compatibility catch-up" change.
-- System Information:
Debian Release: 7.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38
ii multiarch-support 2.13-38
ii zlib1g 1:1.2.7.dfsg-13
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information:
libssl1.0.0/restart-failed:
* libssl1.0.0/restart-services:
More information about the Pkg-openssl-devel
mailing list