On Sat, Apr 06, 2013 at 06:25:42PM -0400, John Morrissey wrote: > On Sat, Apr 06, 2013 at 09:07:50PM +0200, Kurt Roeckx wrote: > > On Sat, Apr 06, 2013 at 01:47:51PM -0400, John Morrissey wrote: > > > On Fri, Jan 11, 2013 at 03:10:32PM +0100, Clement Hermann (nodens) wrote: > > > > With some more test and some help from a friend, we made some progress. > > > > > > > > It *does* work when adding -no_tls1_1 option to openssl s_client. > > > > > > > > It works if the server allows renegociation : I can connect to > > > > freenode. > > > > > > > > It seems to be #665452 again, or a variant. > > > > > > > > Anyway, that explains why it works in ubuntu. The patch > > > > tls12_workarounds.patch (attached) works around it (but I'm not > > > > qualified to tell whether this is an acceptable solution or not). > > > > > > I noticed the same thing with ircd-hybrid (rebuilt per the package's > > > instructions to enable SSL support) after upgrading to wheezy recently. > > > > > > wheezy's irssi refused to connect to the ircd, which was running on the > > > local host and linked to the same version of OpenSSL: > > > > > > 140308295767720:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > > > shared cipher:s3_srvr.c:1355: > > > > Can you reproduce this problem with s_client trying to connect to > > the irc server? > > > > Looking at the hybrid source, it doesn't seem to contain any > > calls to something like OpenSSL_add_all_algorithms(). My > > guess would be that adding that call would fix the problem. > > Hm, I tried just now, but couldn't reproduce with s_client. However, the > issue was still reproducible with irssi+openssl 1.0.1e.
I tried conneting with irssi to something and that gave me a working TLS 1.2 connection. I currently don't see irssi doing anything wrong. Do you have a public irc server I can try and connect to? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
