The server is at fault for failing to negotiate correctly. However, from the user experience perspective, the problem happens because of upgrading Ubuntu. The problem doesn't exist in Oneiric. The problem does exist in > Oneiric. Also, Precise is a Long Term Support release. LTS releases are not supposed to break software that works. It doesn't matter where the fault ultimately lies--ultimately it's the Ubuntu user experience that is broken. If a user can switch to another distro, or to Windows, and avoid the bug, then Ubuntu has failed, and Bug #1 has regressed.
Linus Torvalds understands this: he's famous for saying "Don't break userspace!" even if it's ultimately userspace's fault. Why doesn't Ubuntu understand this? The solution is simple: disable TLS 1.1 and 1.2 by default until servers are fixed. Doing this will not cause any problems. There is no data to support not doing this. Doing this will fix a real problem for real people. There is plenty of data to support doing this. What is Ubuntu waiting for? What does it take to get Ubuntu to do the right thing? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/965371 Title: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04 To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
