[Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

kylea kylea at itvss.com.au
Tue Nov 13 12:54:48 UTC 2012 

I have replaced my calls to

$content = file_get_contents($url);

with a curl call...

    $curl = curl_init($url);

    if (is_resource($curl) === true)
    {
        curl_setopt($curl, CURLOPT_FAILONERROR, true);
        curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_SSLVERSION, 3);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);

        if (isset($post) === true)
        {
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, (is_array($post) === true) ? http_build_query($post, '', '&') : $post);
        }

            $content = curl_exec($curl);

        curl_close($curl);
    }

Key point here is ---->   curl_setopt($curl, CURLOPT_SSLVERSION, 3);

This seems to work on http and https sites.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Confirmed
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Triaged
Status in “openssl” package in Debian:
  Fix Released

Bug description:
  This week, HTTPS connections from a Python script I wrote started
  giving me this error:

  urllib2.URLError: <urlopen error [Errno 8] _ssl.c:497: EOF occurred in
  violation of protocol>

  This used to work up until some three days ago and still works on
  other Ubuntu versions, but not in other Python versions on Precise. I
  was suspecting this was a bug in Python, but a guy on AskUbuntu (
  http://askubuntu.com/questions/116020/python-https-requests-urllib2
  -to-some-sites-fail-on-ubuntu-12-04-without-proxy/116059#116059 )
  found out this happens using the openssl command line tool too:

  $ openssl s_client -connect www.mediafire.com:443

  But succeeds if forcing TLS 1 with the -tls1 argument.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/965371/+subscriptions

More information about the foundations-bugs mailing list