Hi, this Bug is unfortunately still active. Here is how to reproduce it: $ curl https://auslandsjahr-usa.com --sslv3
$ curl --version curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP $ openssl version OpenSSL 1.0.1f 6 Jan 2014 The issue seems to be SSLv3, since $ curl https://auslandsjahr-usa.com --ssl works. Unfortunately this bug also affects all depending libraries and scripting languages. (python 2.7.6 in my case): $ python -c "import sys; import os; import ssl; print(ssl.OPENSSL_VERSION); sys.path.insert(1, os.path.abspath(os.path.join(os.getcwd(), 'lib'))); import requests; requests.get('https://auslandsjahr-usa.com')" requests.get('https://auslandsjahr-usa.com')" OpenSSL 1.0.1f 6 Jan 2014 Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python2.7/dist-packages/requests/api.py", line 55, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/api.py", line 44, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 455, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 558, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 385, in send raise SSLError(e) requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error We use Ubuntu 14.04.2 LTS # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.2 LTS Release: 14.04 Codename: trusty A patch would be highly appreciated. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/861137 Title: Openssl TLS errors while connecting to SSLv3 sites Status in openssl package in Ubuntu: Confirmed Bug description: I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep 2011" Now, when I connect to certain HTTPs servers with wget or curl I get a TLS error. With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error In wget, this can be fixed by specifying --secure-protocol=sslv3 option In curl, this can be fixed by specifying -sslv3 option The issue is that the automatic check for the version seems to be failing. This is working fine in Natty systems using older versions of openssl. The impact of this will be in scripts using curl, wget etc. which will start failing after an upgrade. Ubuntu version Description: Ubuntu oneiric (development branch) Release: 11.10 OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011 openssl: Installed: 1.0.0e-2ubuntu2 Candidate: 1.0.0e-2ubuntu2 Version table: *** 1.0.0e-2ubuntu2 0 500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
