Bug#798690: marked as done (handshake failure on get.docker.com)

Fri, 11 Sep 2015 13:27:38 -0700 

Your message dated Fri, 11 Sep 2015 22:26:09 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-openssl-devel] Bug#798690: handshake failure on 
get.docker.com
has caused the Debian Bug report #798690,
regarding handshake failure on get.docker.com
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
798690: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libssl1.0.0
Severity: normal

$ openssl s_client -connect get.docker.com:443
CONNECTED(00000003)
139902178879120:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 315 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

I did the check above because my apt-cacher-ng recently started barking
this error for no obvious reason. Search on internet is inconclusive...
some people suggest to enforce TLSv1, other tell something about
KeyUsage extension.

I tried a code hack, change to SSL_CTX_new(TLSv1_1_client_method())
but that didn't help.

Regards,
Eduard.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0+ (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

-- 
Hart ist Hart. Weich ist Weich. Aber immer weich ist hart.

--- End Message ---
--- Begin Message --- 
On Fri, Sep 11, 2015 at 08:24:31PM +0200, Eduard Bloch wrote:
> Package: libssl1.0.0
> Severity: normal
> 
> $ openssl s_client -connect get.docker.com:443

The site requires you to use SNI.

This works:
openssl s_client -connect get.docker.com:443 -servername get.docker.com

So I'm closing this.


Kurt

--- End Message ---

Reply via email to