[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04
AquaQuieta
965371 at bugs.launchpad.net
Fri Sep 7 14:59:20 UTC 2012
Like the bug says:
openssl s_client -connect soap.example.org:443
fails because "Secure Renegotiation IS NOT supported"
but I can connect with:
openssl s_client -tls1 -connect soap.example.org:443
Unfortunately, this doesn't help me at all. I have a PHP script using SoapClient, and although I found several
suggestions for forcing tls1 when using SoapClient, none of them work.
Seems to me that what is really needed is some way to force the use of a
specific protocol per server, rather than relying on renegotiation,
which can obviously be disabled. Sure, you might argue that the server
itself is the problem (I don't necessarily disagree), but in the real
world, we have to have some way of working around it... which currently,
I don't.
It would be awesome if, in openssl.cnf, we could say something like:
[connection_opts]
server=soap.example.org
protocol=tls1
Of course, I'd be happy if PHP had a way to do this within
SoapClient... but something like that in openssl would fix this issue
for everyone.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371
Title:
HTTPS requests fail on sites which immediately close the connection if
TLS 1.1 negotiation is attempted, on Ubuntu 12.04
Status in OpenSSL cryptography and SSL/TLS toolkit:
Confirmed
Status in “openssl” package in Ubuntu:
Fix Released
Status in “openssl” source package in Precise:
Triaged
Status in “openssl” package in Debian:
Fix Released
Bug description:
This week, HTTPS connections from a Python script I wrote started
giving me this error:
urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
violation of protocol>
This used to work up until some three days ago and still works on
other Ubuntu versions, but not in other Python versions on Precise. I
was suspecting this was a bug in Python, but a guy on AskUbuntu (
http://askubuntu.com/questions/116020/python-https-requests-urllib2-to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059
) found out this happens using the openssl command line tool too:
$ openssl s_client -connect www.mediafire.com:443
But succeeds if forcing TLS 1 with the -tls1 argument.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions
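
Added example (not part of the original bug mail or of OpenSSL/Ubuntu code): the bug concerns servers that close the connection depending on the TLS version the client offers, so this offline diagnostic captures the ClientHello a local Python/OpenSSL build would send under a given version ceiling and reports the version fields in it. The function names are hypothetical, soap.example.org is only used as the SNI value, and Python 3.7+ is assumed.

```python
import ssl
import struct

def capture_client_hello(max_version=None, server_name="soap.example.org"):
    """Return the ClientHello record this build would send; no network is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if max_version is not None:
        ctx.maximum_version = max_version      # per-context ceiling
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                                   # expected: no ServerHello will arrive
    return outgoing.read()

def parse_client_hello(record):
    """Extract the version fields from a single ClientHello record."""
    rec_type, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if rec_type != 0x16 or not body or body[0] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 4                                    # handshake type + 3-byte length
    hello_ver = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                              # client_version + random
    pos += 1 + body[pos]                       # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                       # compression_methods
    offered = [hello_ver]
    if pos + 2 <= len(body):                   # extensions are optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and data:        # supported_versions
                listed = struct.iter_unpack("!H", data[1:1 + data[0]])
                # keep real 0x03xx versions, drop GREASE placeholders
                offered += [v for (v,) in listed if v >> 8 == 3]
            pos += 4 + ext_len
    return {"record": rec_ver, "hello": hello_ver, "highest": max(offered)}

if __name__ == "__main__":
    for name, ceiling in (("default", None), ("TLS 1.2 ceiling", ssl.TLSVersion.TLSv1_2)):
        info = parse_client_hello(capture_client_hello(ceiling))
        print(name, {k: hex(v) for k, v in info.items()})
```

Comparing the "highest" value with and without a ceiling shows whether a client setting actually changes what goes on the wire, which is the first thing to check when a per-client workaround appears to have no effect.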