[Pkg-openssl-devel] Bug#680137: Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)

Clement Hermann (nodens) clement.hermann at free.fr
Fri Apr 4 10:28:34 UTC 2014


On 08/10/2013 19:13, Kurt Roeckx wrote:
>
> Yes, disabling TLS 1.2 seems to fix your issue, but I really have
> no idea why.  I also don't think this is a good idea.
>
> You say that the other side is using OpenSSL 1.0.1, but it looks
> like a really weird version to me.  It doesn't seem to support
> TLS 1.2 but does 1.1 while there never was a version released
> that only didn't do 1.2 but did 1.1.
>
> It seems to be a snapshot from cvs/git since it says "1.0.1-stable
> 05 Jun 2011" and doesn't actually have any real version in it.
> Looking at the release history and git repository, it seems to be
> in the middle of a development cycle.  Please note that 1.0.1 was
> released on 19 Apr 2012.
>
> So I suggest you upgrade it to a released version like 1.0.1e or
> the current 1.0.1-stable version.

The server admin fixed the issue by importing this commit in the 1.0.1c
NetBSD version:
http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=ssl/s3_pkt.c;h=dca345865a10a5fae10741e009676731181fc60d;hp=2d569cc1cedc5aa2bb0d0e7f876a22468e77950e;hb=c3b130338760a7e52656fd217d1d4c846e85cdff;hpb=5762f7778da56b9502534fd236007b9a1b0244d9

I think the issue is in the client as well, but fixing it on the server
side is enough for it to work.

Cheers,


-- 
Clement Hermann (nodens)
- "Fresh air? Isn't that in RL? Isn't that off-charter?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.


