Hi,

With some more tests and some help from a friend, we made some progress.

It *does* work when adding -no_tls1_1 option to openssl s_client.

It works if the server allows renegotiation: I can connect to freenode.

It seems to be #665452 again, or a variant.

Anyway, that explains why it works in Ubuntu. The patch tls12_workarounds.patch (attached) works around it (but I'm not qualified to tell whether this is an acceptable solution or not).

The patch header gives some more information, I'll copy it here for readability of the report:

-----patch header-----
Description: Work around TLS 1.2 failures for some broken servers that
 "hang" if a client hello record length exceeds 255 bytes.
 .
    1. Set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50. This will truncate
       the number of ciphers sent in the client hello.
    2. Set OPENSSL_NO_TLS1_2_CLIENT to disable TLS 1.2 client support
       entirely.
 Also, check TLS_get_client_version() rather than TLS1_get_versions() to avoid
 improper truncation of client hello cipher lists. This change has been
 forwarded upstream in rt #2881.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/965371
Bug-Debian: http://bugs.debian.org/665452
Bug: http://rt.openssl.org/Ticket/Display.html?id=2771
Bug: http://rt.openssl.org/Ticket/Display.html?id=2881
Forwarded: not-needed
Last-Update: 2012-10-04

-----End of patch header-----


Cheers.

-- Clement Hermann (nodens)
- "Fresh air? That's not in RL, is it? Isn't that against the charter?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.
Description: Work around TLS 1.2 failures for some broken servers that
 "hang" if a client hello record length exceeds 255 bytes.
 .
    1. Set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50. This will truncate
       the number of ciphers sent in the client hello.
    2. Set OPENSSL_NO_TLS1_2_CLIENT to disable TLS 1.2 client support
       entirely.
 
 Also, check TLS_get_client_version() rather than TLS1_get_versions() to avoid
 improper truncation of client hello cipher lists. This change has been
 forwarded upstream in rt #2881.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/965371
Bug-Debian: http://bugs.debian.org/665452
Bug: http://rt.openssl.org/Ticket/Display.html?id=2771
Bug: http://rt.openssl.org/Ticket/Display.html?id=2881
Forwarded: not-needed
Last-Update: 2012-10-04

Index: openssl-1.0.1c/Configure
===================================================================
--- openssl-1.0.1c.orig/Configure	2012-10-03 23:59:05.235548667 -0700
+++ openssl-1.0.1c/Configure	2012-10-04 10:34:23.076454592 -0700
@@ -106,7 +106,7 @@
 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
 
 # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50";
 $debian_cflags =~ s/\n/ /g;
 
 my $strict_warnings = 0;
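Review bot: the `-DOPENSSL_NO_TLS1_2_CLIENT` added to `$debian_cflags` is a build-time switch, so every program linked against this libssl loses TLS 1.2 as a client, not only connections to the servers the header describes, and users cannot re-enable it without rebuilding. It also overlaps with the `-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50` define next to it: the cipher cap in ssl/s23_clnt.c only applies when the client offers TLS 1.2, which the first define prevents, so with both set the cap never fires. Suggest shipping only the cipher-length cap (which keeps TLS 1.2 available) or stating in the patch header why a blanket downgrade is preferred, and recording the impact on clients in the changelog.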
Index: openssl-1.0.1c/ssl/s23_clnt.c
===================================================================
--- openssl-1.0.1c.orig/ssl/s23_clnt.c	2012-10-03 23:46:22.967530550 -0700
+++ openssl-1.0.1c/ssl/s23_clnt.c	2012-10-04 10:33:13.820452946 -0700
@@ -491,7 +491,7 @@
 			 * as hack workaround chop number of supported ciphers
 			 * to keep it well below this if we use TLS v1.2
 			 */
-			if (TLS1_get_version(s) >= TLS1_2_VERSION
+			if (TLS1_get_client_version(s) >= TLS1_2_VERSION
 				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
 				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
 #endif
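Review bot: the truncation at `i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;` silently drops every suite past the first 25 (50 bytes at 2 bytes per suite) of the configured list, so which suites survive depends purely on list order and nothing is reported to the caller; a comment stating this, or a debug-level message, would help whoever later diagnoses a handshake that fails because a needed suite was cut. The header text also does not match this hunk: it names `TLS_get_client_version()` and `TLS1_get_versions()`, while the code changes `TLS1_get_version(s)` to `TLS1_get_client_version(s)`; fix the header so the names agree.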
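As an added illustration of the cap the attached patch builds in (example code written for this note, not part of the patch or of OpenSSL): it applies the hunk's `& ~1` truncation rule to a constructed list of 60 fictitious suite ids and estimates the resulting ClientHello record length against the 255-byte threshold named in the header. The ClientHello layout is assumed from RFC 5246 with an empty session id, one compression method and the total extension size passed in as a number.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#define MAX_TLS1_2_CIPHER_LENGTH 50   /* value the patch builds in */

/* Serialise suites (2 bytes each) and apply the patch's rule: when the
 * client offers TLS 1.2 and the list exceeds cap, keep cap bytes rounded
 * down to even so no suite is cut in half. Returns bytes kept. */
size_t cipher_list_bytes(const uint16_t *suites, size_t n, int client_version,
                         size_t cap, uint8_t *out, size_t outlen)
{
    size_t i = 0, k;
    for (k = 0; k < n && i + 2 <= outlen; k++) {
        out[i++] = (uint8_t)(suites[k] >> 8);
        out[i++] = (uint8_t)(suites[k] & 0xff);
    }
    if (client_version >= TLS1_2_VERSION && i > cap)
        i = cap & ~(size_t)1;
    return i;
}

/* Record length of a TLS-format ClientHello with an empty session id, one
 * compression method and ext_bytes of extensions (assumed layout from
 * RFC 5246: 5-byte record header, 4-byte handshake header). */
size_t client_hello_record_len(size_t cipher_bytes, size_t ext_bytes)
{
    size_t body = 2 + 32 + 1 + 2 + cipher_bytes + 1 + 1;
    if (ext_bytes)
        body += 2 + ext_bytes;        /* extensions length + extensions */
    return 5 + 4 + body;
}

int hello_exceeds_255(size_t cipher_bytes, size_t ext_bytes)
{
    return client_hello_record_len(cipher_bytes, ext_bytes) > 255;
}

/* Constructed input: 60 fictitious suite ids, 120 bytes on the wire. */
size_t demo_capped_bytes(int client_version, size_t cap)
{
    uint16_t suites[60];
    uint8_t wire[128];
    size_t k;
    for (k = 0; k < 60; k++)
        suites[k] = (uint16_t)(0xC000 + k);
    return cipher_list_bytes(suites, 60, client_version, cap, wire, sizeof wire);
}
```

With 100 bytes of extensions the uncapped TLS 1.2 hello comes to 270 bytes and crosses the threshold, while the 50-byte cap brings it down to 200 bytes.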
