[Pkg-openssl-devel] Bug#891570: [Bug#891570: SSL connect attempt failed error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Feb 27 20:39:11 GMT 2018
control: clone -1 -2
control: reassign -2 libio-socket-ssl-perl 2.056-1
control: severity -2 normal
control: tags -2 patch
On 2018-02-27 21:52:23 [+0800], 積丹尼 Dan Jacobson wrote:
> Here is all you need to reproduce it:
>
> $ mech-dump https://mbasic.facebook.com/
> POST https://mbasic.facebook.com/login.php?refsrc=https%3A%2F%2Fmbasic.facebook.com%2F&lwv=100&refid=8
>
> Now upgrade libssl1.1:amd64 1.1.0g-2 1.1.1~~pre1-1
>
> $ mech-dump https://mbasic.facebook.com/
> Error GETing https://mbasic.facebook.com/: Can't connect to mbasic.facebook.com:443 (SSL connect attempt failed error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available) at /usr/bin/mech-dump line 68.
> $ dlocate mech-dump
> libwww-mechanize-perl: /usr/bin/mech-dump
Thank you. This was helpfull.
The problem is that libio-socket-ssl-perl has a predefined cipher list
which does not include any TLS1.3 cipher (yes, it has its own). The
patch attached adds TLS1.3 cipher which means that it is possible to
negotiate a TLS1.3 connection if the remote side supports it.
I cloned the bug and hope that openssl falls back to TLS1.2 only
connection if the ciphers are missing especially if the remote side does
not support 1.3. Lets see about that…
Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libio-socket-ssl-perl-add-TLS13-ciphers.diff
Type: text/x-diff
Size: 528 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20180227/352cdc40/attachment.diff>
More information about the Pkg-openssl-devel
mailing list