[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Jeff Utter 965371 at bugs.launchpad.net
Sat Jul 7 23:50:57 UTC 2012 

@Marc One distinction that I forgot to mention is that I am using ruby
1.9.2 (from either rbenv or rvm). Here are the following situations
where the script works and fails.

Ubuntu 12.04 + openssl in updates + stock ruby 1.8.7: Pass
Ubuntu 12.04 + openssl in updates +  compiled ruby 1.9.3: Fail
Ubuntu 12.04 + openssl manually installed from ubuntu 11.10 + compiled ruby 1.9.3: Pass

There is some specific problem with the latest openssl and ruby 1.9.3.

as Adam said "Otherwise, the choice
seems obvious to me: disable TLS 1.1 and 1.2 by default so that Ubuntu
users who have upgraded to "Precise 12.04 Long Term Support" will not
have their software mysteriously fail without recourse."

This is what happened to me. I upgraded a server from 11.10 to 12.04 to
get on a recent LTS release. Next thing I know credit card processing is
failing. It took me a long time to track down that the new openssl libs
were the problem. Now that I know i can manually downgrade them.
However, problems like this should not magically pop up.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Triaged
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  Fix Released

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2
  -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 )
  found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions

More information about the foundations-bugs mailing list