[Pkg-openssl-devel] Bug#798690: handshake failure on get.docker.com

Eduard Bloch edi at gmx.de
Fri Sep 11 18:24:31 UTC 2015


Package: libssl1.0.0
Severity: normal

$ openssl s_client -connect get.docker.com:443
CONNECTED(00000003)
139902178879120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 315 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

I did the check above because my apt-cacher-ng recently started barking
this error for no obvious reason. Search on internet is inconclusive...
some people suggest to enforce TLSv1, other tell something about
KeyUsage extension.

I tried a code hack, change to SSL_CTX_new(TLSv1_1_client_method())
but that didn't help.

Regards,
Eduard.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0+ (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

-- 
Hart ist Hart. Weich ist Weich. Aber immer weich ist hart.



More information about the Pkg-openssl-devel mailing list