Hi, I'll try backporting the Natty openssl package and see how it goes.
Not using a wildcard cert, although I have tested with one, as well as
two separate certs.
I have plenty of Apache debug logs; I'll distill some and upload when I
have a moment.
Here's an ssldump that accompanied the s_client output above:
7 1 0.3464 (0.3464) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_3DES
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
SSL2_CK_RC2
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL2_CK_RC2_EXPORT40
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
Unknown value 0xff
7 2 0.3557 (0.0093) S>CV3.1(81) Handshake
ServerHello
Version 3.1
random[32]=
4d f1 5f 69 e8 65 f9 9e 0e 21 fd f8 6e 05 11 bb
45 6b b8 97 49 62 04 68 60 a2 4a 94 11 4a 81 84
session_id[32]=
c0 ca 5b 73 a3 9a 33 0a 65 30 8f 28 c2 db d1 d6
47 ff b6 0c bf 48 0f dd 1e 95 33 9b 56 8b 04 3e
cipherSuite Unknown value 0x39
compressionMethod NULL
7 3 0.3557 (0.0000) S>CV3.1(3382) Handshake
Certificate
7 4 0.3557 (0.0000) S>CV3.1(525) Handshake
ServerKeyExchange
7 5 0.3557 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
7 6 0.7052 (0.3494) C>SV3.1(2) Alert
level fatal
value decrypt_error
7 0.7054 (0.0002) S>C TCP FIN
7 0.7066 (0.0012) C>S TCP RST
For comparison, here's the ssldump of the prior, successful connection:
6 1 0.3416 (0.3416) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
Unknown value 0x39
Unknown value 0x38
Unknown value 0x35
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_3DES
Unknown value 0x33
Unknown value 0x32
Unknown value 0x2f
SSL2_CK_RC2
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL2_CK_RC2_EXPORT40
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
Unknown value 0xff
6 2 0.3512 (0.0095) S>CV3.1(81) Handshake
ServerHello
Version 3.1
random[32]=
4d f1 5f 5c 41 3e 94 a9 68 9d 48 73 90 29 b2 08
62 b4 b6 6a 6b 98 ac 81 70 7d 44 a7 0c 6d fe ef
session_id[32]=
dd 42 bf a7 3b 46 a0 eb 38 19 a0 bf 56 c1 22 17
1c aa b4 0c 97 79 ea b7 90 d1 78 f8 85 7c 00 c0
cipherSuite Unknown value 0x39
compressionMethod NULL
6 3 0.3512 (0.0000) S>CV3.1(3382) Handshake
Certificate
6 4 0.3512 (0.0000) S>CV3.1(525) Handshake
ServerKeyExchange
6 5 0.3512 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
6 6 0.7370 (0.3858) C>SV3.1(134) Handshake
ClientKeyExchange
6 7 0.7370 (0.0000) C>SV3.1(1) ChangeCipherSpec
6 8 0.7370 (0.0000) C>SV3.1(48) Handshake
6 9 0.7403 (0.0032) S>CV3.1(1) ChangeCipherSpec
6 10 0.7403 (0.0000) S>CV3.1(48) Handshake
6 11 10.9898 (10.2495) S>CV3.1(32) Alert
6 10.9899 (0.0000) S>C TCP FIN
6 12 11.3304 (0.3404) C>SV3.1(32) Alert
6 11.3314 (0.0010) C>S TCP FIN
--
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
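An added triage helper, not part of the original bug comment: it reduces two ssldump traces like the ones above to their record sequence, names the suites this ssldump build prints as "Unknown value" (IANA registry names), and reports the first record where the failed and successful handshakes differ. The function names and the condensed sample strings are assumptions made for this example.

```python
import re

# IANA names for the values this ssldump build prints as "Unknown value 0xNN"
SUITES = {0x2f: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x32: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
          0x33: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x35: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x38: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 0x39: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
          0xff: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}
# conn, optional record number, time, (delta), direction, optional "V3.1(len)", record type
HEADER = re.compile(r"^\d+\s+(?:\d+\s+)?[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s*(?:V\d\.\d\(\d+\)\s*)?(.*)$")

def flow(dump):
    """Return [(direction, label)] per TLS record; TCP FIN/RST lines are skipped."""
    records = []
    for line in map(str.strip, dump.strip().splitlines()):
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), m.group(2), []])
        elif records:
            records[-1][2].append(line)        # detail line of the current record
    out = []
    for direction, rtype, detail in records:
        if rtype.startswith("TCP"):
            continue
        if rtype == "Alert" and detail:        # "level fatal" / "value decrypt_error"
            rtype = "Alert " + " ".join(d.split()[-1] for d in detail[:2])
        elif rtype == "Handshake" and detail:  # first detail line names the message
            rtype = detail[0]
        out.append((direction, rtype))
    return out

def negotiated_suite(dump):  # suite chosen in ServerHello, decoded via SUITES
    m = re.search(r"cipherSuite\s+(?:Unknown value 0x([0-9a-f]+)|(\S+))", dump)
    return SUITES.get(int(m.group(1), 16), "unassigned") if m.group(1) else m.group(2)

def first_divergence(bad, good):  # first record where two handshakes differ
    for i, (a, b) in enumerate(zip(flow(bad), flow(good))):
        if a != b:
            return i, a, b

# Constructed sample: condensed from the two dumps above (suite list, hex, timing shortened).
COMMON = """{c} 1 0.3 (0.3) C>S SSLv2 compatible client hello
{c} 2 0.3 (0.0) S>CV3.1(81) Handshake
ServerHello
cipherSuite Unknown value 0x39
{c} 4 0.3 (0.0) S>CV3.1(525) Handshake
ServerKeyExchange
{c} 5 0.3 (0.0) S>CV3.1(4) Handshake
ServerHelloDone"""
FAILED = COMMON.format(c=7) + "\n7 6 0.7 (0.3) C>SV3.1(2) Alert\nlevel fatal\nvalue decrypt_error\n7 0.7 (0.0) S>C TCP FIN"
OK = COMMON.format(c=6) + "\n6 6 0.7 (0.3) C>SV3.1(134) Handshake\nClientKeyExchange"
```

On the sample, `negotiated_suite(FAILED)` gives TLS_DHE_RSA_WITH_AES_256_CBC_SHA and `first_divergence(FAILED, OK)` points at the client's first record after ServerHelloDone: a fatal decrypt_error alert where the successful connection sends ClientKeyExchange.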