I've also slammed headlong into this one.
The clue is "SSL handshake has read 0 bytes and written 317 bytes"
What the openssl v1.0.1f client side is doing is sending a clienthello
packet larger than 255 bytes to a broken SSL implementation, which slams
the phone down on you, thus "read 0 bytes".
Warning: Both RC4 and MD5 are INSECURE. They are susceptible to
practical attacks. Do not use them.
MD5 is already disabled by default. Real collisions have been produced,
and used to forge certificates in the wild; its use as an HMAC is also
strongly discouraged. It must never be used.
RC4
We're experiencing the same problem, but the fix listed above does not
help.
---Initial error:
greatnature-qa:~$ openssl s_client -msg -connect
inaturalist.org:443CONNECTED(0003)
TLS 1.2 Handshake [length 013b], ClientHello
01 00 01 37 03 03 53 cd 1d 0f 75 28 af 21 9d 17
62 73 2d
Richard, it would be best to open a new bug if you're still experiencing
this issue. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1305175
Title:
openssl 1.0.1f 'ssl handshake failure'
@alex.muntada Yes, as my frist reply mentioned, the problem is missing
RC4-MD5 cipher. There are innumerable ways to call into curl as a
library, all of which SHOULD have some way to add that cipher. (PHP/HHVM
is where I noticed the bug first)
I do not believe this is a bug in curl, as much as
I'm affected too, my 2x servers and local PC behave exactly the same.
Alex thank you for this workaround! It's WORKING :)
curl --ciphers RC4-SHA:RC4-MD5 https://...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssl (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1305175
Title:
@jared-n This work-around should work:
curl --ciphers RC4-SHA:RC4-MD5 https://...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1305175
Title:
openssl 1.0.1f 'ssl handshake failure' connection
Looks like the problem is that 'RC4-MD5' cipher is disabled by default.
I cannot figure out how to enable it by default, but instead just set
the curl opt for it and everything is fine.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
EDIT: And by disabled, I mean it doesn't auto-negotiate to it. Wether
or not that is 'disabled' or just a bug, it is hard to tell. (I'm no
curl or openssl expert for sure)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
10 matches
Mail list logo
