jsnydr, klavs, kylea, note that you may also be experiencing what is
documented at
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137 -- some
servers and services cannot handle TLS 1.1 or newer handshakes.
It would be worth going to some effort to determine if your peers can
handle TLS
I am currently experiencing this problem with my 12.04 installation.
'dpkg' says that I have 1.0.1-4ubuntu5 installed.
I am using precise-updates and synaptic seems to think I am completely
up to date.
I can work around by forcing a specific version of SSL manually.
--
You received this bug
Ohh - and here's a site I just found I can't visit (but it works from
CentOS) : https://www.soljerome.com/blog/2011/12/17/mirroring-rhn-with-
mrepo-on-rhel6/
pretty annoying :(
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have the same problem with precise.
I have just dist-upgraded - and have:
libssl1.0.0 1.0.1-4ubuntu5.7
openssl 1.0.1-4ubuntu5.7
yet openssl s_client can ONLY connect if I use -tls1 or -ssl3
--
You received this bug notification because you are a
it hits my php application - which can't connect to the server- and I
don't know how to make it use -ssl3 or equivalent.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl
3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64
x86_64 x86_64 GNU/Linux
Description:Ubuntu 12.04.1 LTS
Release:12.04
Are we sure this is fixed - I still have to specify -ssl3
--- this works:
openssl s_client -connect WWW.ITVSN.COM.AU:443 -state -ssl3
--- this
BTW - have 1.0.1-4ubuntu5.5 of libssl1.0.0 installed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
To manage notifications about this
Is there any date for this fix to be released? Ubuntu 12.04.1 still
shipped with 1.0.1-4ubuntu3.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of
The fix for this is already released in precise-updates (which is on
1.0.1-4ubuntu5.5). See
https://help.ubuntu.com/community/Repositories/Ubuntu#Updates_Tab for
enabling -updates if you need help with this.
I'm not sure how to verify what version shipped in 12.04.1. But if you
are waiting for an
For xapienz and others affected by this bug again in Quantal, this issue
is being tracked in bug #1051892
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a
Please make fix for quantal.
Currently quantal has openssl_1.0.1c-3ubuntu1, it has this bug. After
installing openssl_1.0.1-4ubuntu5 from precise everything works fine, but dpkg
thinks it is downgrade.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
@xapienz: please file a new bug for your issue, this bug is closed.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
To manage
This bug was fixed in the package openssl - 1.0.1-4ubuntu5
---
openssl (1.0.1-4ubuntu5) precise-proposed; urgency=low
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()
openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low
* Check
This bug was fixed in the package openssl - 1.0.1-4ubuntu5
---
openssl (1.0.1-4ubuntu5) precise-proposed; urgency=low
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()
openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low
* Check
on ubuntu 12.04 server edition x64, i have to enable higher than RC4
chiper such as camelia or aes on apache to be enable to test curl
https://mydomain.com here.
if i set it to RC4 only from apache mod ssl.conf, then the curl
https://mydomain.com produced an error message regarding handshake
i have installed 1.0.1-4ubuntu5 but it still doesnt work
openssl s_client -connect d18kq98amm3n6k.cloudfront.net:443
CONNECTED(0003)
140107426719392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:724:
---
no peer certificate available
---
No
i am sorry was to quick to post..
i only installed openssl (1.0.1-4ubuntu5) but libssl1.0.0 (1.0.1-4ubuntu5) was
needed aswell
it works!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
Accidentally changed the status. Looking how to revert the change.
Sorry!
** Changed in: openssl (Ubuntu Precise)
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: openssl (Ubuntu Precise)
Status: Fix Released = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
To
** Branch linked: lp:ubuntu/openssl
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
To manage notifications about this bug go to:
I do understand the severity, and I don't mean to minimise it; the
difficulty is that OpenSSL 1.0.1 has been problematic from the start,
and every change fixes some cases while breaking others. Rolling back
all the way to 1.0.0, while perhaps the safest option in some cases, is
by now too
Hello Thomas, or anyone else affected,
Accepted openssl into precise-proposed. The package will build now and
be available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in
Colin: I think I understand now much better; thanks. The upgrade to
1.0.1 increased the number of ciphers, which in turn broke communication
with bad servers (of which there may be an important number). What a
thorny little knot of a problem. Short of fixing these bad servers
(which might be a
I'm pleased to report that 1.0.1-4ubuntu5 seems to resolve our symptoms.
Many thanks Martin and Colin for that!
It only kicks the can down the road a bit, but it does give some
breathing room.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
To manage
Colin, I hope you'll reconsider this change and revert it.
I understand that there are buggy servers which fail when they get
offered too many ciphers by clients, but they *always* failed; that's
nothing new. So in order to expand the use cases for the library, this
change has caused a
One of our engineers says this:
FWIW, looking at the code, the problematic chunk, added to ssl/s23_clnt.c by
tls12_workarounds.patch, was
@@ -467,6 +469,15 @@
SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
return -1;
Other things that would save us:
1) Any way to disable this regression from configuration files or the like.
(Merely adding an option in the library interface wouldn't help unless puppet
also can be told to pass that option.)
2) Any way from configuration files to tell SSL to use the equivalent
openssl s_client -showcerts -connect d3vwyrdyja2n00.cloudfront.net:443 - Fails
openssl s_client -showcerts -tls1 -connect d3vwyrdyja2n00.cloudfront.net:443 -
Works
** Changed in: openssl (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of
** Changed in: openssl (Ubuntu)
Importance: Undecided = High
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) = Canonical Foundations Team
(canonical-foundations)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags added: rls-p-tracking
** Changed in: openssl (Ubuntu)
Milestone: None = ubuntu-12.04.1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/986147
Title:
openssl 1.0.1-4ubuntu2 breaks a bunch
31 matches
Mail list logo
