[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server

Adrien Nader 1475228 at bugs.launchpad.net
Thu May 11 18:14:09 UTC 2023 

There has been no activity on this bug for 7 years. Marc stated 1.0.2
connects successfully. Moreover, the last comments were about this
occuring with 1.0.1f on 14.04 (8 years old). Lastly, the corresponding
code seems to be gone. I'll mark this as Fix Released.

** Changed in: openssl (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1475228

Title:
  openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
  on TLS only configured server

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  (taken from http://askubuntu.com/questions/649000/openssl-curl-error-
  ssl23-get-server-hellotlsv1-alert-internal-
  error?noredirect=1#comment931621_649000)

  
  We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04

  Executing:

  openssl s_client -connect ms.icometrix.com:443
  gives:

  CONNECTED(00000003)
  140557262718624:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
  internal error:s23_clnt.c:770:
  A similar error when executing:

  curl https://ms.icometrix.com
  curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
  internal error
  Output of openssl version (on client/server):

  OpenSSL 1.0.1f 6 Jan 2014
  The funny thing is, the problem vanishes when connecting with other versions of Openssl:

  From a mac, OpenSSL 0.9.8zd 8 Jan 2015, all ok
  From centos, OpenSSL 1.0.1e-fips 11 Feb 2013, all ok
  Latest stable release on Ubuntu 14.04, OpenSSL 1.0.2d 9 Jul 2015, all ok.
  From server side, we do not see anything strange. The problem started when we disabled SSL3 on our machines.

  Might there be a problem with the build in the apt-get?

  We also test other versions, the one proposed by apt-cache showpkg,
  but the problem remains...

  
  BTW: I don't consider this the same as https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137?comments=al because, they're talking about SSL enabled servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions

More information about the foundations-bugs mailing list