One of our engineers says this:
FWIW, looking at the code, the problematic chunk, added to ssl/s23_clnt.c by tls12_workarounds.patch, was

@@ -467,6 +469,15 @@ SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); return -1; } +#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH + /* Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION + && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; +#endif s2n(i,p); p+=i;

OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is defined to 50, and is actually the number of bytes to use for the cipher list in the handshake, not the number of ciphers. Each cipher uses 2 bytes, so we actually get only 25 ciphers.

And somebody that knows openssl might want to double-check that call to TLS1_get_version(s) - right before this chunk, there's a call to the function that actually adds the ciphers to the handshake buffer (ssl_cipher_list_to_bytes). That function compares the return value of TLS1_get_client_version(s) with TLS1_2_VERSION and then decides to skip the TLS1.2-only ciphers, which puts RC4-SHA among the first 50.

Either changing OPENSSL_MAX_TLS1_2_CIPHER_LENGTH to 100 (which actually means 50 ciphers) or changing the TLS1_get_version(s) to TLS1_get_client_version(s) fixes things, though I have no idea what this last change means.

--
https://bugs.launchpad.net/bugs/986147
Title: openssl 1.0.1-4ubuntu2 breaks a bunch of ciphers
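Review bot: In the added `if`, `i` is the byte length that `s2n(i,p)` writes as the cipher-list length, but the comment describes chopping the "number of supported ciphers" and the macro name does not say which unit it holds. The `& ~1` rounding only makes sense for a byte count, so the comment (and ideally the macro name) should say bytes, otherwise a value such as 50 is read as 50 suites when it yields 25. The cut is also silent: whatever sits at the tail of the preference-ordered list is dropped from the ClientHello with no error or trace, so a server that only accepts one of the dropped suites fails the handshake with nothing pointing at this workaround. Finally, the condition tests `TLS1_get_version(s)`, while the message notes that the list was built using `TLS1_get_client_version(s)`; someone who knows the two accessors should confirm the limit is keyed off the same version value that decided which suites were written to the buffer.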