[Bug 861137] Re: Openssl TLS errors while connecting to SSLv3 sites

Jeremiah Snapp 861137 at bugs.launchpad.net
Fri Nov 2 12:43:08 UTC 2012 

I just found that instead of restricting the available ciphers on the
Tomcat server as per comment #6 I am also able to workaround the problem
by just restricting the available ciphers that the Apache proxy uses by
adding "SSLProxyCipherSuite RC4-SHA" to my Apache VirtualHost config.
This makes more sense to me to since the problem is with the new server
rather than with the old Tomcat server.  (At least that's my
understanding.)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/861137

Title:
  Openssl TLS errors while connecting to SSLv3 sites

Status in “openssl” package in Ubuntu:
  Confirmed

Bug description:
  I upgraded to Oneiric Ocelot beta1. OpenSSL version is "1.0.0e 6 Sep
  2011"

  Now, when I connect to certain HTTPs servers with wget or curl I get a
  TLS error.

  With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
  With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

  In wget, this can be fixed by specifying --secure-protocol=sslv3 option
  In curl, this can be fixed by specifying -sslv3 option

  The issue is that the automatic check for the version seems to be
  failing. This is working fine in Natty systems using older versions of
  openssl.

  The impact of this will be in scripts using curl, wget etc. which will
  start failing after an upgrade.

  Ubuntu version

  Description:	Ubuntu oneiric (development branch)
  Release:	11.10

  OpenSSL version : OpenSSL 1.0.0e 6 Sep 2011

  openssl:
    Installed: 1.0.0e-2ubuntu2
    Candidate: 1.0.0e-2ubuntu2
    Version table:
   *** 1.0.0e-2ubuntu2 0
          500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions

More information about the foundations-bugs mailing list