Source: openssl
Severity: important
Tags: upstream ipv6
When trying to establish a secure connection using an IPv6-only host using
openssl s_client -connect ipv6-only.example.net:443
the only message you get is that OpenSSL s_client was unable to resolve that
hostname accompanied by a message that there was no error in the connection:
gethostbyname failure
connect:errno=0
This renders openssl s_client useless on IPv6-only networks. On hostnames
offering both IPv4 and IPv6 addresses OpenSSL silently ignores the IPv6 address
and connects to the IPv4 address in violation of RFCs stating the IPv6 should
be preferred.
IPv6 is around for a good 20 years now and yet not even the basics work
despite quite a few people sending patches on this matter:
https://bugs.debian.org/589520
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=openssl_s_client_s_server_with_ipv6.diff;att=1;bug=589520
Would be nice if our tools could be upgraded to something more recent than
the stone-aged versions we are distributing ATM.
Kind regards,
Benny Baumann
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (900, 'testing'), (800, 'stable'), (750, 'experimental'), (700,
'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
