[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Upon closer examination of the change log of libssl, the update we all received fixed a different issue and was not intended to fix this issue. The issue that was fixed is here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/986147 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Updated my 12.04 system this morning that included a new libssl. Unfortunately, the update did not fix this problem, at least not for evernote: openssl s_client -connect www.evernote.com:443 still fails. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I've also just updated to try query a box using python urllib and same error. urlopen error [Errno 8] _ssl.c:504: EOF occurred in violation of protocol -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Looks like this bug could be the cause of Evernote failing to connect: openssl s_client -connect www.evernote.com:443 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
** Changed in: openssl (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
the fixes from openssl 1.0.1b should go into 12.04 - it looks like otherwise TLS 1.1 will not work... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I agree with Paulo Almeida. This shouldn't be at the final release. I'm having to use the workround of changing the httplib.py but it's not very safe to do so. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Well, it IS on the final release. 12.04 is out and there's no rolling back versions now. So now we have to hope for a (quick) fix. 2012/4/27 nuk nuk.anim...@gmail.com I agree with Paulo Almeida. This shouldn't be at the final release. I'm having to use the workround of changing the httplib.py but it's not very safe to do so. -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 Status in OpenSSL cryptography and SSL/TLS toolkit: Confirmed Status in “openssl” package in Ubuntu: Triaged Status in “openssl” source package in Precise: Triaged Status in “openssl” package in Debian: New Bug description: This week, HTTPS connections from a Python script I wrote started giving me this error: urllib2.URLError: urlopen error [Errno 8] _ssl.c:497: EOF occurred in violation of protocol This used to work up until some three days ago and still works on other Ubuntu versions, but not in other Python versions on Precise. I was suspecting this was a bug in Python, but a guy on AskUbuntu ( http://askubuntu.com/questions/116020/python-https-requests-urllib2 -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 ) found out this happens using the openssl command line tool too: $ openssl s_client -connect www.mediafire.com:443 But succeeds if forcing TLS 1 with the -tls1 argument. To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- Pablo Almeida http://www.google.com/profiles/pabloalmeidaff9 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
precise current gnutls-cli -p 443 info.vsu.ru is working ok. openssl s_client -connect info.vsu.ru:443 -CApath /etc/ssl/certs CONNECTED(0003) 140277691872928:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet length:s3_clnt.c:1062: -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Yesterday, the same happened on Emesene https://github.com/emesene/emesene/issues/1184: [02:02:16 ERROR e3.common.Collections] [Errno socket error] [Errno 8] ssl.c:504: EOF occurred in violation of protocol Traceback (most recent call last): File /home/andre/emesene/emesene/e3/common/Collections.py, line 181, in fetch_metadata rq = self.github.get_raw(self.theme, current_ext.files[path]) File /home/andre/emesene/emesene/e3/common/Github.py, line 42, in get_raw response = urlopen(API_GITHUB_GETRAW % (self._org, repo, sha)) File /usr/lib/python2.7/urllib.py, line 86, in urlopen return opener.open(url) File /usr/lib/python2.7/urllib.py, line 207, in open return getattr(self, name)(url) File /usr/lib/python2.7/urllib.py, line 436, in open_https h.endheaders(data) File /usr/lib/python2.7/httplib.py, line 954, in endheaders self._send_output(message_body) File /usr/lib/python2.7/httplib.py, line 814, in _send_output self.send(msg) File /usr/lib/python2.7/httplib.py, line 776, in send self.connect() File /usr/lib/python2.7/httplib.py, line 1161, in connect self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) File /usr/lib/python2.7/ssl.py, line 381, in wrap_socket ciphers=ciphers) File /usr/lib/python2.7/ssl.py, line 143, in __init_ self.do_handshake() File /usr/lib/python2.7/ssl.py, line 305, in do_handshake self._sslobj.do_handshake() IOError: [Errno socket error] [Errno 8] _ssl.c:504: EOF occurred in violation of protocol -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I don't know who decides this kind of thing but I believe that, if a definitive fix doesn't get done, this version of the package should not go into the final version of Ubuntu, as it will break too many things that simply work on Oneiric. Or, if released, it should force all connections to be TLS1 at least for a while. Again, I don't know who decides this and using which standards, but LTS is about stability, and not knowing if a connection will work or not is not what I would call stable. Em 20 de abril de 2012 10:09, André Lopes chevelle...@hotmail.comescreveu: Yesterday, the same happened on Emesene https://github.com/emesene/emesene/issues/1184: [02:02:16 ERROR e3.common.Collections] [Errno socket error] [Errno 8] ssl.c:504: EOF occurred in violation of protocol Traceback (most recent call last): File /home/andre/emesene/emesene/e3/common/Collections.py, line 181, in fetch_metadata rq = self.github.get_raw(self.theme, current_ext.files[path]) File /home/andre/emesene/emesene/e3/common/Github.py, line 42, in get_raw response = urlopen(API_GITHUB_GETRAW % (self._org, repo, sha)) File /usr/lib/python2.7/urllib.py, line 86, in urlopen return opener.open(url) File /usr/lib/python2.7/urllib.py, line 207, in open return getattr(self, name)(url) File /usr/lib/python2.7/urllib.py, line 436, in open_https h.endheaders(data) File /usr/lib/python2.7/httplib.py, line 954, in endheaders self._send_output(message_body) File /usr/lib/python2.7/httplib.py, line 814, in _send_output self.send(msg) File /usr/lib/python2.7/httplib.py, line 776, in send self.connect() File /usr/lib/python2.7/httplib.py, line 1161, in connect self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) File /usr/lib/python2.7/ssl.py, line 381, in wrap_socket ciphers=ciphers) File /usr/lib/python2.7/ssl.py, line 143, in __init_ self.do_handshake() File /usr/lib/python2.7/ssl.py, line 305, in do_handshake self._sslobj.do_handshake() IOError: [Errno socket error] [Errno 8] _ssl.c:504: EOF occurred in violation of protocol -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 Status in OpenSSL cryptography and SSL/TLS toolkit: Confirmed Status in “openssl” package in Ubuntu: Triaged Status in “openssl” source package in Precise: Triaged Status in “openssl” package in Debian: New Bug description: This week, HTTPS connections from a Python script I wrote started giving me this error: urllib2.URLError: urlopen error [Errno 8] _ssl.c:497: EOF occurred in violation of protocol This used to work up until some three days ago and still works on other Ubuntu versions, but not in other Python versions on Precise. I was suspecting this was a bug in Python, but a guy on AskUbuntu ( http://askubuntu.com/questions/116020/python-https-requests-urllib2 -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 ) found out this happens using the openssl command line tool too: $ openssl s_client -connect www.mediafire.com:443 But succeeds if forcing TLS 1 with the -tls1 argument. To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- Pablo Almeida http://www.google.com/profiles/pabloalmeidaff9 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Confirmed that paypal works as expected for me again via multiple methods. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I tried the 1.0.1-4ubuntu2 release which seems to work as expected! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Works for php fsockopen :) Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
That worked for my peculiar case too. Mahalo! As Pablo commented, still seems to fail on mediafire.com but I'm not certain mediafire's end point is working correctly as it fails in both openssl (1.0.1-4ubuntu3) AND gnutls (3.0.11+really2.12.14-5ubuntu3) : $ openssl s_client -connect www.mediafire.com:443 CONNECTED(0003) 140199672272544:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 174 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- $ gnutls-cli www.mediafire.com -p 443 Resolving 'www.mediafire.com'... Connecting to '205.196.120.8:443'... *** Fatal error: A TLS packet with unexpected length was received. *** Handshake has failed GnuTLS error: A TLS packet with unexpected length was received. I should point out that it seems to work with the openssl 1.0.0e-2ubuntu4.2 from 11.10, but doesn't with the gnutls 2.10.5-1ubuntu3.1 from 11.10. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I've applied some more upstream fixes in openssl 1.0.1-4ubuntu2 in precise-proposed. Could people affected by this bug please report whether it makes things worse, improves them, or leaves them the same, and for which sites? If I hear positive reports and don't hear of regressions then it may be possible to squeeze this into 12.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I've just tested 1.0.1-4ubuntu2 against Enom API server and paypal using fsockopen / PHP and it just... worked flawlessly! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
openssl s_client -connect cs3-api.salesforce.com:443 now works but openssl s_client -connect www.mediafire.com:443 still doesn't. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Isn't there a better solutution than disabling TLS 1.2 completely in openssl? I need TLS 1.1 and 1.2 to monitor my servers with icinga... Better force the admins of the broken servers to fix their stuff... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I'm awaiting advice from upstream on something better. See the upstream bug linked from this one. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Regarding #12 I'ld also suggest, to wait for an upstream solution. The side-effects of non-working SSL are far too big to be ignored or being addressed to the other end of the SSL connection. One can't argue to a customer running webshops, that paypal has an invalid implementation of TLS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Enom API servers are also affected, even with the partial fix (1.0.1-2ubuntu4). PHP continues to throws : fsockopen(): SSL: crypto enabling timeout -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
** Bug watch added: OpenSSL RT #2771 http://rt.openssl.org/Ticket/Display.html?id=2771 ** Also affects: openssl via http://rt.openssl.org/Ticket/Display.html?id=2771 Importance: Unknown Status: Unknown ** Changed in: openssl (Ubuntu Precise) Milestone: None = ubuntu-12.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
** Changed in: openssl Status: Unknown = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Until this bug is fixed I thought this hack might be helpful for affected Python users. Not sure what problems this creates but this allowed my scripts to work again. Might be good until a proper fix is implemented. I changed /usr/lib/python2.6/httplib.py as follows: 1116c1116 self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) --- self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
I've uploaded upstream's suggested workaround for most of the problems here. It isn't complete, and in particular it doesn't deal with the server in the bug description (see the Debian bug for a categorisation of the problems here), which is why I've left this bug open at a lowered importance. openssl (1.0.1-2ubuntu3) precise; urgency=low * Temporarily work around TLS 1.2 failures as suggested by upstream (LP #965371): - Use client version when deciding whether to send supported signature algorithms extension. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. This fixes most of the reported problems, but does not fix the case of servers that reject version numbers they don't support rather than trying to negotiate a lower version (e.g. www.mediafire.com). -- Colin Watson cjwat...@ubuntu.com Fri, 30 Mar 2012 17:11:45 +0100 ** Changed in: openssl (Ubuntu Precise) Importance: High = Medium ** Changed in: openssl (Ubuntu Precise) Status: Confirmed = Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Hey! After the update that introduced the workaround, my python program (which uses mediafire) works again, even though the openssl command doesn't yet. 2012/3/30 Colin Watson cjwat...@canonical.com I've uploaded upstream's suggested workaround for most of the problems here. It isn't complete, and in particular it doesn't deal with the server in the bug description (see the Debian bug for a categorisation of the problems here), which is why I've left this bug open at a lowered importance. openssl (1.0.1-2ubuntu3) precise; urgency=low * Temporarily work around TLS 1.2 failures as suggested by upstream (LP #965371): - Use client version when deciding whether to send supported signature algorithms extension. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. This fixes most of the reported problems, but does not fix the case of servers that reject version numbers they don't support rather than trying to negotiate a lower version (e.g. www.mediafire.com). -- Colin Watson cjwat...@ubuntu.com Fri, 30 Mar 2012 17:11:45 +0100 ** Changed in: openssl (Ubuntu Precise) Importance: High = Medium ** Changed in: openssl (Ubuntu Precise) Status: Confirmed = Triaged -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 Status in OpenSSL cryptography and SSL/TLS toolkit: Confirmed Status in “openssl” package in Ubuntu: Triaged Status in “openssl” source package in Precise: Triaged Status in “openssl” package in Debian: New Bug description: This week, HTTPS connections from a Python script I wrote started giving me this error: urllib2.URLError: urlopen error [Errno 8] _ssl.c:497: EOF occurred in violation of protocol This used to work up until some three days ago and still works on other Ubuntu versions, but not in other Python versions on Precise. I was suspecting this was a bug in Python, but a guy on AskUbuntu ( http://askubuntu.com/questions/116020/python-https-requests-urllib2 -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 ) found out this happens using the openssl command line tool too: $ openssl s_client -connect www.mediafire.com:443 But succeeds if forcing TLS 1 with the -tls1 argument. To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- Pablo Almeida http://www.google.com/profiles/pabloalmeidaff9 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
** Bug watch added: Debian Bug tracker #665452 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452 ** Also affects: openssl (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
** Changed in: openssl (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Lamont says in a duplicate And it works on precise with 1.0.0g- 1ubuntu1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
For anyone using LWP::Protocol::https based Perl tools, TLSv1 can be forced with: my $thing = whatever-new( ssl_opts = { SSL_version = 'TLSv1' }, ); Another site that fails is paypal: $ openssl s_client -connect www.paypal.com:443 CONNECTED(0003) write:errno=104 vs $ openssl s_client -tls1 -connect www.paypal.com:443 CONNECTED(0003) depth=2 C = US, O = VeriSign, Inc., OU = VeriSign Trust Network, OU = (c) 2006 VeriSign, Inc. - For authorized use only, CN = VeriSign Class 3 Public Primary Certification Authority - G5 ... ** Also affects: openssl (Ubuntu Precise) Importance: Undecided Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Other work-arounds: wget --secure-protocol=TLSv1 ... curl --tlsv1 ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
This may be the intended behavior, but we should determine for sure. ** Changed in: openssl (Ubuntu Precise) Importance: Undecided = High ** Changed in: openssl (Ubuntu Precise) Assignee: (unassigned) = Colin Watson (cjwatson) ** Tags added: rls-p-tracking -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
If this is the intended behaviour, it sure will break a lot of programs. Anyone knows if there's a way to force Python's urllib2.urlopen().read() to use TLS1? 2012/3/29 Steve Langasek steve.langa...@canonical.com This may be the intended behavior, but we should determine for sure. ** Changed in: openssl (Ubuntu Precise) Importance: Undecided = High ** Changed in: openssl (Ubuntu Precise) Assignee: (unassigned) = Colin Watson (cjwatson) ** Tags added: rls-p-tracking -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 Status in “openssl” package in Ubuntu: Confirmed Status in “openssl” source package in Precise: Confirmed Bug description: This week, HTTPS connections from a Python script I wrote started giving me this error: urllib2.URLError: urlopen error [Errno 8] _ssl.c:497: EOF occurred in violation of protocol This used to work up until some three days ago and still works on other Ubuntu versions, but not in other Python versions on Precise. I was suspecting this was a bug in Python, but a guy on AskUbuntu ( http://askubuntu.com/questions/116020/python-https-requests-urllib2 -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 ) found out this happens using the openssl command line tool too: $ openssl s_client -connect www.mediafire.com:443 But succeeds if forcing TLS 1 with the -tls1 argument. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- Pablo Almeida http://www.google.com/profiles/pabloalmeidaff9 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Same problem with graph.facebook.com... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 965371] Re: HTTPS requests fail on some sites on Ubuntu 12.04
same openssl s_client -connect cs3-api.salesforce.com:443 # Fails write:errno=104 --- no peer certificate available openssl s_client -tls1 -connect cs3-api.salesforce.com:443 # Succeeds -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on some sites on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs