[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Hiroshi Miura miurahr at linux.com
Sun Aug 26 04:57:43 UTC 2012 

For Wine, https://github.com/miurahr/wine/commits/wininet-submit and
http://bugs.winehq.org/show_bug.cgi?id=30598 may help. I'm also using
Evernote and can use it now with my patch.

I  proposed disabling TLS1.1/1.2 by defaut in Wine as same behavior as Windows and support switch to enable it.
This is not a fix for issue here but escaping it.


Renegotiation disability on some servers  is not issue for openssl itself. Issue for server administrator who need to maitain ssl library  and configuration up-to-date, especially for things related to RFC 5746.

Applications for specific web service can disable TLS 1.1/1.2 with
openssl/gnutls options in their program codes.


** Bug watch added: Wine Bugzilla #30598
   http://bugs.winehq.org/show_bug.cgi?id=30598

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  Fix Released

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2
  -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 )
  found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions

More information about the foundations-bugs mailing list