[Pkg-openssl-devel] Bug#680137: Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)

Kurt Roeckx kurt at roeckx.be
Tue Oct 8 17:13:36 UTC 2013


On Tue, Oct 08, 2013 at 11:54:07AM +0200, Clement Hermann (nodens) wrote:
> Hello Kurt,
> 
> Is there any news on this issue? I have reports of the same problem
> from other Debian users, and only Debian users.
> 
> After upgrade of the remote (NetBSD) box, the problem still occurs.
> The issue is also still present in current sid version.
> 
> We need to apply the Ubuntu patch to connect (attached), which seems to
> disable TLS_1.2 client altogether. I think this is enough, the second
> part of the patch may not be needed.

Yes, disabling TLS 1.2 seems to fix your issue, but I really have
no idea why.  I also don't think this is a good idea.

You say that the other side is using OpenSSL 1.0.1, but it looks
like a really weird version to me.  It doesn't seem to support
TLS 1.2 but does 1.1 while there never was a version released
that only didn't do 1.2 but did 1.1.

It seems to be a snapshot from cvs/git since it says "1.0.1-stable
05 Jun 2011" and doesn't actually have any real version in it.
Looking at the release history and git repository, it seems to be
in the middle of a development cycle.  Please note that 1.0.1 was
released on 19 Apr 2012.

So I suggest you upgrade it to a released version like 1.0.1e or
the current 1.0.1-stable version.


Kurt


