[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Adam Porter 965371 at bugs.launchpad.net
Sat Jul 28 07:50:11 UTC 2012


The server is at fault for failing to negotiate correctly.

However, from the user experience perspective, the problem happens
because of upgrading Ubuntu.  The problem doesn't exist in Oneiric.  The
problem does exist in > Oneiric.  Also, Precise is a Long Term Support
release.  LTS releases are not supposed to break software that works.
It doesn't matter where the fault ultimately lies--ultimately it's the
Ubuntu user experience that is broken.  If a user can switch to another
distro, or to Windows, and avoid the bug, then Ubuntu has failed, and
Bug #1 has regressed.

Linus Torvalds understands this: he's famous for saying "Don't break
userspace!" even if it's ultimately userspace's fault.  Why doesn't
Ubuntu understand this?

The solution is simple: disable TLS 1.1 and 1.2 by default until servers
are fixed.

Doing this will not cause any problems.  There is no data to support not
doing this.

Doing this will fix a real problem for real people.  There is plenty of
data to support doing this.

What is Ubuntu waiting for?  What does it take to get Ubuntu to do the
right thing?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  Fix Released

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2-to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059
  ) found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions
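
Added example, not part of the bug report or of OpenSSL: a Python model of the failure in the bug description, showing the ClientHello client_version field that a version-intolerant server reacts to and how probing one offered version at a time separates that fault from a server that is simply down. The helper names, the server model and the sample ClientHello bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(client_version, record_version=0x0301):
    """Constructed minimal ClientHello: zeroed random, no session id, one suite."""
    body = struct.pack("!H", client_version) + bytes(32)  # client_version + random
    body += b"\x00"                                       # empty session_id
    body += struct.pack("!HH", 2, 0x002F)                 # TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                                   # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake

def parse_client_hello(data):
    """Return (record_version, client_version); raise ValueError on bad input."""
    if len(data) < 11:
        raise ValueError("truncated ClientHello")
    ctype, record_version, record_len = struct.unpack("!BHH", data[:5])
    if ctype != 22 or data[5] != 1:
        raise ValueError("not a ClientHello handshake record")
    if len(data) - 5 < record_len:
        raise ValueError("truncated record")
    (client_version,) = struct.unpack("!H", data[9:11])
    return record_version, client_version

def negotiate(hello, server_max, intolerant):
    """Server model: a correct peer answers with its own highest version;
    the broken peer closes the connection (None) on any newer offer."""
    _, offered = parse_client_hello(hello)
    if offered > server_max:
        return None if intolerant else server_max
    return offered

def probe(server_max, intolerant):
    """Offer each version in turn, like repeating s_client with -tls1_2/-tls1_1/-tls1."""
    report = {}
    for offered in (0x0303, 0x0302, 0x0301):
        got = negotiate(build_client_hello(offered), server_max, intolerant)
        report[VERSIONS[offered]] = VERSIONS[got] if got else "EOF"
    return report

def is_version_intolerant(report):
    """EOF on newer offers plus success on an older one is the bug's signature."""
    outcomes = list(report.values())
    return "EOF" in outcomes and any(o != "EOF" for o in outcomes)

if __name__ == "__main__":
    for broken in (True, False):
        result = probe(0x0301, broken)
        print(result, "intolerant" if is_version_intolerant(result) else "ok")
```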



