I've uploaded upstream's suggested workaround for most of the problems
here.  It isn't complete, and in particular it doesn't deal with the
server in the bug description (see the Debian bug for a categorisation
of the problems here), which is why I've left this bug open at a lowered
importance.

openssl (1.0.1-2ubuntu3) precise; urgency=low

  * Temporarily work around TLS 1.2 failures as suggested by upstream
    (LP #965371):
    - Use client version when deciding whether to send supported signature
      algorithms extension.
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
      only.
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
    This fixes most of the reported problems, but does not fix the case of
    servers that reject version numbers they don't support rather than
    trying to negotiate a lower version (e.g. www.mediafire.com).

 -- Colin Watson <[email protected]>  Fri, 30 Mar 2012 17:11:45 +0100

** Changed in: openssl (Ubuntu Precise)
   Importance: High => Medium

** Changed in: openssl (Ubuntu Precise)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on some sites on Ubuntu 12.04
