On Wed, Mar 28, 2012, James Earl wrote: > On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson <st...@openssl.org> > wrote: > > On Wed, Mar 28, 2012, James Earl wrote: > > > >> I recently had a timeout issue with a service provider we connect to > >> over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. > >> I'm not sure how to determine if it's a bug, an Arch Linux package > >> issue, or a problem with the service providers server? > >> > >> I tested using Python and Ruby (multiple versions): > >> > >> With OpenSSL 1.0.1-1 under Arch Linux, this times out: > >> > >> python > >> >>> import requests > >> >>> r = requests.get('https://esqa.moneris.com', timeout=5) > >> > >> With OpenSSL 1.0.0 under Arch Linux, it works. > >> > >> OpenSSL 1.0.1 does work however connecting to other HTTPS servers such > >> as Google, and Thawte's test server. > >> > > > > There is a known issue with some servers mentioned in PR#2771. > > > > See this link for more details: > > > > http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest > > Thanks, looks like there's also a thread on the Arch Linux forum which > I should have noticed: > > https://bbs.archlinux.org/viewtopic.php?id=138103
Several of the TLS servers mentioned in that thread seem to have the problem mentioned in PR#2771. Not sure about AES-CBC issues. TLS at least connects fine using AES-CBC ciphersuites here. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org