[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

JDS jeffrey.d.silverman at gmail.com
Wed Feb 20 18:25:01 UTC 2013 

@bradley-will: I appreciate the helpful suggestion, but the PHP libs I
am interested in are not in any way related to SOAP or PHP's
implementation of SoapClient.

The thing I'm interested in is LDAP. There is a chain of libraries that
PHP uses to get LDAPS working.

 PHP -> uses OpenLDAP -> which uses GnuTLS (On Ubuntu)

In the past, I tried recompiling OpenLDAP against OpenSSL, and this
fixed PHP, so I know that the chain I described is correct (well, is
correct for Ubuntu 10.04. I'm assuming it is true for 12.04 as well)

In any case, when OpenLDAP is recompiled against OpenSSL, the chain of
libs I'm interested in is:

 PHP -> uses OpenLDAP -> which uses OpenSSL

Is there a system-wide configuration way to force PHP's LDAP libs to use
TLSv1.0? So far I have not found an answer.

Finally, is there a way to get GnuTLS to work against the above
described SSL services? GnuTLS has similar problems connecting to SSL
services as described in this bug for OpenSSL. Is there a bug open for
GnuTLS somewhere about this?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  Fix Released

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2
  -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 )
  found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions

More information about the foundations-bugs mailing list