Your message dated Sun, 29 Apr 2012 19:32:03 +0200
with message-id <[email protected]>
and subject line openssl 1.0.1 issues
has caused the Debian Bug report #665452,
regarding libssl1.0.0: breaks HTTPS download of some sites (eg.
https://sourceforge.net)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
665452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl1.0.0
Version: 1.0.1-2
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
installing the newest version breaks curl (and other download tools
using libssl like perl GET) on https://sourceforge.net/
Downgrading to 1.0.0h solves the problem.
Attached are curl --trace outputs with version 1.0.0h and 1.0.1.
Since the SSL error message is not very helpful, I could not match
this problem to any of the existing bugs.
So feel free to ask for more info about this.
Regards,
Bastian
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.12rum1 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.42
ii libc6 2.13-27
ii multiarch-support 2.13-27
ii zlib1g 1:1.2.6.dfsg-2
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
- -- debconf information:
libssl1.0.0/restart-failed:
libssl1.0.0/restart-services:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk9trrQACgkQeBwlBDLsbz5QTwCg0/CiAMF15IWsTSmgQU0Moany
+44AoKJ6cmESgDyoWCPsspfDseAB8UHx
=YMwi
-----END PGP SIGNATURE-----
curl_sourceforge.net_1.0.0h.log
Description: Binary data
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0== Info: About to connect() to sourceforge.net port 443 (#0)
== Info: Trying 216.34.181.60...
== Info: connected
== Info: Connected to sourceforge.net (216.34.181.60) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info: CAfile: none
CApath: /etc/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 335 bytes (0x14f)
0000: 01 00 01 4b 03 03 4f 6d ac aa 95 b9 d6 ff f3 11 ...K..Om........
0010: f6 70 ca 18 45 4c 97 84 34 a7 84 2b 8d b6 22 59 .p..EL..4..+.."Y
0020: a5 8a dc 9d f4 8f 00 00 9e c0 30 c0 2c c0 28 c0 ..........0.,.(.
0030: 24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00 $.....".!.....k.
0040: 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 j.9.8.....2...*.
0050: 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 &.......=.5.....
0060: 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 ................
0070: 2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00 /.+.'.#.........
0080: a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 [email protected].....
0090: 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 E.D.1.-.).%.....
00a0: 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 ..<./...A.......
00b0: 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 ................
00c0: 08 00 06 00 03 00 ff 02 01 00 00 83 00 00 00 14 ................
00d0: 00 12 00 00 0f 73 6f 75 72 63 65 66 6f 72 67 65 .....sourceforge
00e0: 2e 6e 65 74 00 0b 00 04 03 00 01 02 00 0a 00 34 .net...........4
00f0: 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 .2..............
0100: 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 ................
0110: 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f ................
0120: 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 06 03 .......". ......
0130: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0140: 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 ...............
curl: (35) Unknown SSL protocol error in connection to sourceforge.net:443
== Info: Unknown SSL protocol error in connection to sourceforge.net:443
== Info: Closing connection #0
--- End Message ---
--- Begin Message ---
Version: 1.0.1b-1
Hi,
As far as I know with the 1.0.1b-1 version most of the issues have
been solved. At least the following sites used to have a problem
and work now:
- paypal.com
- facebook.com
- sourceforge.net
- mediafire.com
- imap.ntlworld.com
- cloudfiles
As far as I know all remaining issues when using 1.0.1b are not
the fault of openssl, but of the other side. This includes:
- Microsoft products just closing the connection when announcing
support for TLS 1.1 or higher
- Servers using an old version of BigIP software
If you think there still is a problem in openssl, please file a
new bug.
Kurt
--- End Message ---