On Wed, Mar 28, 2012, James Earl wrote:

> On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson <st...@openssl.org> 
> wrote:
> > On Wed, Mar 28, 2012, James Earl wrote:
> >
> >> I recently had a timeout issue with a service provider we connect to
> >> over HTTPS.  I found downgrading to OpenSSL 1.0.0 solved the problem.
> >> I'm not sure how to determine if it's a bug, an Arch Linux package
> >> issue, or a problem with the service providers server?
> >>
> >> I tested using Python and Ruby (multiple versions):
> >>
> >> With OpenSSL 1.0.1-1 under Arch Linux, this times out:
> >>
> >> python
> >> >>> import requests
> >> >>> r = requests.get('https://esqa.moneris.com', timeout=5)
> >>
> >> With OpenSSL 1.0.0 under Arch Linux, it works.
> >>
> >> OpenSSL 1.0.1 does work however connecting to other HTTPS servers such
> >> as Google, and Thawte's test server.
> >>
> >
> > There is a known issue with some servers mentioned in PR#2771.
> >
> > See this link for more details:
> >
> > http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest
> 
> Thanks, looks like there's also a thread on the Arch Linux forum which
> I should have noticed:
> 
> https://bbs.archlinux.org/viewtopic.php?id=138103

Several of the TLS servers mentioned in that thread seem to have the problem
mentioned in PR#2771.

Not sure about AES-CBC issues. TLS at least connects fine using AES-CBC
ciphersuites here.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to