Hi Seth, thank you for the quick reply. Actually the bug occurs with TLSv1 (not 1.2 apparently) and SSLv3. with pythons 2.7.9's ssl module it works for example since it tries tls1.2 by default. I will add this information later I just found it out since I needed a quick solution for a production issue.
Gruß Patrick Helmig Co-Founder SECDASH Tel: +49170 1880969 Mail: [email protected] Web: http://secdash.com > Am 13.05.2015 um 22:06 schrieb Seth Arnold <[email protected]>: > > Patrick, I suggest filing a new bug; this bug is about TLS errors while > connecting to SSLv3 sites, but the site you listed specifically does not > support SSLv3: > https://www.ssllabs.com/ssltest/analyze.html?d=auslandsjahr%2dusa.com&s=104.28.16.100&latest > > Thanks > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/861137 > > Title: > Openssl TLS errors while connecting to SSLv3 sites > > Status in openssl package in Ubuntu: > Confirmed > > Bug description: > I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep > 2011" > > Now, when I connect to certain HTTPs servers with wget or curl I get a > TLS error. > > With wget : OpenSSL: error:14077438:SSL > routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error > With curl : curl: (35) error:14077438:SSL > routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error > > In wget, this can be fixed by specifying --secure-protocol=sslv3 option > In curl, this can be fixed by specifying -sslv3 option > > The issue is that the automatic check for the version seems to be > failing. This is working fine in Natty systems using older versions of > openssl. > > The impact of this will be in scripts using curl, wget etc. which will > start failing after an upgrade. > > Ubuntu version > > Description: Ubuntu oneiric (development branch) > Release: 11.10 > > OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011 > > openssl: > Installed: 1.0.0e-2ubuntu2 > Candidate: 1.0.0e-2ubuntu2 > Version table: > *** 1.0.0e-2ubuntu2 0 > 500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages > 100 /var/lib/dpkg/status > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/861137 Title: Openssl TLS errors while connecting to SSLv3 sites Status in openssl package in Ubuntu: Confirmed Bug description: I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep 2011" Now, when I connect to certain HTTPs servers with wget or curl I get a TLS error. With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error In wget, this can be fixed by specifying --secure-protocol=sslv3 option In curl, this can be fixed by specifying -sslv3 option The issue is that the automatic check for the version seems to be failing. This is working fine in Natty systems using older versions of openssl. The impact of this will be in scripts using curl, wget etc. which will start failing after an upgrade. Ubuntu version Description: Ubuntu oneiric (development branch) Release: 11.10 OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011 openssl: Installed: 1.0.0e-2ubuntu2 Candidate: 1.0.0e-2ubuntu2 Version table: *** 1.0.0e-2ubuntu2 0 500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
