Your message dated Sun, 29 Apr 2012 19:32:03 +0200
with message-id <[email protected]>
and subject line openssl 1.0.1 issues
has caused the Debian Bug report #665452,
regarding libssl1.0.0: breaks HTTPS download of some sites (eg. 
https://sourceforge.net)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
665452: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libssl1.0.0
Version: 1.0.1-2
Severity: important

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

installing the newest version breaks curl (and other download tools
using libssl like perl GET) on https://sourceforge.net/
Downgrading to 1.0.0h solves the problem.

Attached are curl --trace outputs with version 1.0.0h and 1.0.1.

Since the SSL error message is not very helpful, I could not match
this problem to any of the existing bugs.
So feel free to ask for more info about this.

Regards,
  Bastian

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.12rum1 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl1.0.0 depends on:
ii  debconf [debconf-2.0]  1.5.42
ii  libc6                  2.13-27
ii  multiarch-support      2.13-27
ii  zlib1g                 1:1.2.6.dfsg-2

libssl1.0.0 recommends no packages.

libssl1.0.0 suggests no packages.

- -- debconf information:
  libssl1.0.0/restart-failed:
  libssl1.0.0/restart-services:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9trrQACgkQeBwlBDLsbz5QTwCg0/CiAMF15IWsTSmgQU0Moany
+44AoKJ6cmESgDyoWCPsspfDseAB8UHx
=YMwi
-----END PGP SIGNATURE-----

Attachment: curl_sourceforge.net_1.0.0h.log
Description: Binary data

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     
0== Info: About to connect() to sourceforge.net port 443 (#0)
== Info:   Trying 216.34.181.60...
== Info: connected
== Info: Connected to sourceforge.net (216.34.181.60) port 443 (#0)
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
== Info: SSLv3, TLS handshake, Client hello (1):
=> Send SSL data, 335 bytes (0x14f)
0000: 01 00 01 4b 03 03 4f 6d ac aa 95 b9 d6 ff f3 11 ...K..Om........
0010: f6 70 ca 18 45 4c 97 84 34 a7 84 2b 8d b6 22 59 .p..EL..4..+.."Y
0020: a5 8a dc 9d f4 8f 00 00 9e c0 30 c0 2c c0 28 c0 ..........0.,.(.
0030: 24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00 $.....".!.....k.
0040: 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 j.9.8.....2...*.
0050: 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 &.......=.5.....
0060: 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 ................
0070: 2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00 /.+.'.#.........
0080: a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 [email protected].....
0090: 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 E.D.1.-.).%.....
00a0: 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 ..<./...A.......
00b0: 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 ................
00c0: 08 00 06 00 03 00 ff 02 01 00 00 83 00 00 00 14 ................
00d0: 00 12 00 00 0f 73 6f 75 72 63 65 66 6f 72 67 65 .....sourceforge
00e0: 2e 6e 65 74 00 0b 00 04 03 00 01 02 00 0a 00 34 .net...........4
00f0: 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 .2..............
0100: 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 ................
0110: 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f ................
0120: 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 06 03 .......". ......
0130: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................
0140: 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01    ...............
curl: (35) Unknown SSL protocol error in connection to sourceforge.net:443 
== Info: Unknown SSL protocol error in connection to sourceforge.net:443 
== Info: Closing connection #0

--- End Message ---
--- Begin Message ---
Version: 1.0.1b-1

Hi,

As far as I know with the 1.0.1b-1 version most of the issues have
been solved.  At least the following sites used to have a problem
and work now:
- paypal.com
- facebook.com
- sourceforge.net
- mediafire.com
- imap.ntlworld.com
- cloudfiles

As far as I know all remaining issues when using 1.0.1b are not
the fault of openssl, but of the other side.  This includes:
- Microsoft products just closing the connection when announcing
  support for TLS 1.1 or higher
- Servers using an old version of BigIP software

If you think there still is a problem in openssl, please file a
new bug.


Kurt



--- End Message ---

Reply via email to