On Wed, Oct 03, 2012 at 06:55:21PM +0200, Jean-Christophe Dubacq wrote: > Package: libssl1.0.0 > Version: 1.0.1c-4 > Severity: normal > > Dear Maintainer, > > The following site (a major bank in France) does not > work with openssl > 1.0.0h-1: > > openssl s_client -connect www.labanquepostale.fr:443 > CONNECTED(00000003) [...] > It worked in 1.0.0h.
This seems to be an other case of a site having a problem with a long client hello. The only known cause of this is that they might use a product from F5 Networks using their BigIP prodcut. I suggest you contact the bank and let them know that they should upgrade their software. As work around you can do the following things: - Limit the number of ciphers. - Don't use TLS 1.2 Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
