OpenSSL 1.0.1 handshake timeout
I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service providers server? I tested using Python and Ruby (multiple versions): With OpenSSL 1.0.1-1 under Arch Linux, this times out: python import requests r = requests.get('https://esqa.moneris.com', timeout=5) With OpenSSL 1.0.0 under Arch Linux, it works. OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server. My original post on ruby-forum: http://www.ruby-forum.com/topic/3944461#new __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 handshake timeout
Hello, Try some test connections: # openssl s_client -connect hostname:443 -debug -msg # openssl s_client -connect hostname:443 -debug -msg -bugs Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 03/28/2012 06:02:01 PM: James Earl ja...@truckhardware.ca Sent by: owner-openssl-us...@openssl.org 03/28/2012 06:03 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject OpenSSL 1.0.1 handshake timeout I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service providers server? I tested using Python and Ruby (multiple versions): With OpenSSL 1.0.1-1 under Arch Linux, this times out: python import requests r = requests.get('https://esqa.moneris.com', timeout=5) With OpenSSL 1.0.0 under Arch Linux, it works. OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server. My original post on ruby-forum: http://www.ruby-forum.com/topic/3944461#new __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 handshake timeout
On Wed, Mar 28, 2012, James Earl wrote: I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service providers server? I tested using Python and Ruby (multiple versions): With OpenSSL 1.0.1-1 under Arch Linux, this times out: python import requests r = requests.get('https://esqa.moneris.com', timeout=5) With OpenSSL 1.0.0 under Arch Linux, it works. OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server. There is a known issue with some servers mentioned in PR#2771. See this link for more details: http://rt.openssl.org/Ticket/Display.html?id=2771user=guestpass=guest Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 handshake timeout
On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Mar 28, 2012, James Earl wrote: I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service providers server? I tested using Python and Ruby (multiple versions): With OpenSSL 1.0.1-1 under Arch Linux, this times out: python import requests r = requests.get('https://esqa.moneris.com', timeout=5) With OpenSSL 1.0.0 under Arch Linux, it works. OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server. There is a known issue with some servers mentioned in PR#2771. See this link for more details: http://rt.openssl.org/Ticket/Display.html?id=2771user=guestpass=guest Thanks, looks like there's also a thread on the Arch Linux forum which I should have noticed: https://bbs.archlinux.org/viewtopic.php?id=138103 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.1 handshake timeout
On Wed, Mar 28, 2012, James Earl wrote: On Wed, Mar 28, 2012 at 10:16 AM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Mar 28, 2012, James Earl wrote: I recently had a timeout issue with a service provider we connect to over HTTPS. I found downgrading to OpenSSL 1.0.0 solved the problem. I'm not sure how to determine if it's a bug, an Arch Linux package issue, or a problem with the service providers server? I tested using Python and Ruby (multiple versions): With OpenSSL 1.0.1-1 under Arch Linux, this times out: python import requests r = requests.get('https://esqa.moneris.com', timeout=5) With OpenSSL 1.0.0 under Arch Linux, it works. OpenSSL 1.0.1 does work however connecting to other HTTPS servers such as Google, and Thawte's test server. There is a known issue with some servers mentioned in PR#2771. See this link for more details: http://rt.openssl.org/Ticket/Display.html?id=2771user=guestpass=guest Thanks, looks like there's also a thread on the Arch Linux forum which I should have noticed: https://bbs.archlinux.org/viewtopic.php?id=138103 Several of the TLS servers mentioned in that thread seem to have the problem mentioned in PR#2771. Not sure about AES-CBC issues. TLS at least connects fine using AES-CBC ciphersuites here. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org