On Thu, May 10, 2012 at 12:38:00PM +0200, Erwann Abalea wrote: > Le 10/05/2012 11:39, Andreas Bießmann a écrit :
> >My questions: > > * can anyone confirm this behaviour (it seems other hosts are working with > > openssl 1.0+, but not the banking.postbank.de)? > > * can anyone give me a hint how to track this down? > > I happen to get the same behaviour behind our firewall when > ECDHE-whatever is negociated as the ciphersuite. The FW drops the > connection, resulting in this "errno=104" error. Try to limit the > set of ciphersuites in your client. Ok so 'openssl s_client -connect banking.postbank.de:443 -cipher AES256-SHA' works with 1.0.1b. Thanks so far. But it is nasty to limit cipher by host. So I could exclude all these ECDHE- stuff if these really causing the error. But I wonder if there is another solution. I see this behaviour with all tools using openssl 1.0.1. I found it first with python on my mac and asked myself why it works from time to time (python packaged by fink uses openssl-1.0.1, Apple's version uses openssl-0.9.8 ;). However that could be fixed by working around in my scripts but wget fails also and curl does, ... So I ask myself 'could there be a solution inside the library?'. Best regards Andreas Bießmann ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
