On Fri, Mar 23, 2012 at 06:38:40PM +0100, Alessandro Ghedini wrote:
> Hi Kurt,
>
> curl 7.25.0 was released yesterday and I'm now working on updating the
> Debian package. A problem came up though with the --ssl-enable-beast
> new option of curl (which should fix the bug that you have reported)
> and the new version of openssl. If I build curl against the current
> version 1.0.1-2 (uploaded a few days ago) of libssl the option has no
> effect with the URL you posted above and curl fails with the error:
>
> curl: (35) error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> unexpected message
>
> (the 35 means that the error happened in the SSL handshake).
>
> But if I build with a slightly older libssl (1.0.0h-1) the option works
> as expected and if the option is not used at all the error is the same
> that you reported ("Empty reply from server").
>
> Now, since you did the openssl uploads, do you know of any change in
> openssl that may have caused this problem and if there's anything that
> can be done on the curl's side to fix it?

So I see:
openssl s_client -connect www.eboekhuis.nl:443
CONNECTED(00000003)
140090768766632:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:708:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 324 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

But it works when I use:
openssl s_client -no_tls1_2 -no_tls1_1 -connect www.eboekhuis.nl:443

TLS 1.1 and 1.2 support is new since openssl 1.0.1.

I'm not sure what to do about this. I can at least let them know
that that is an issue too. But maybe I should contact upstream
openssl so they can take a look too that it's not a bug in
openssl.


Kurt
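
Added example, not part of the original thread: the "read 7 bytes" in the s_client output above is the size of a single plaintext TLS alert record (5-byte header plus 2-byte alert), and this sketch decodes such a record and compares the server's first reply to a default handshake with its reply when TLS 1.1/1.2 are disabled. The function names and both sample byte strings are constructed for illustration, not captured from the server discussed here.

```python
import struct

# TLS record content types and a few alert codes (RFC 5246, section 7.2).
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_record(data):
    """Split one TLS record into (content_type, version_name, payload)."""
    if len(data) < 5:
        raise ValueError("short TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated TLS record")
    return ctype, VERSIONS.get((major, minor), f"{major}.{minor}"), payload


def decode_alert(data):
    """Decode a record holding a single plaintext alert into (level, description)."""
    ctype, _, payload = parse_record(data)
    if ctype != CONTENT_ALERT or len(payload) != 2:
        raise ValueError("not a plaintext alert record")
    level, desc = payload
    return ALERT_LEVELS.get(level, str(level)), ALERT_DESCRIPTIONS.get(desc, str(desc))


def diagnose(default_reply, capped_reply):
    """Compare first replies to a default ClientHello and to one capped at TLS 1.0."""
    d_type = parse_record(default_reply)[0]
    c_type = parse_record(capped_reply)[0]
    if d_type == CONTENT_ALERT and c_type == CONTENT_HANDSHAKE:
        level, desc = decode_alert(default_reply)
        return f"version-dependent failure: {level} {desc} unless TLS 1.1/1.2 are disabled"
    if d_type == CONTENT_HANDSHAKE:
        return "handshake proceeds with default versions"
    return "fails regardless of offered version"


# Constructed sample bytes (assumptions, not captured traffic).
SAMPLE_ALERT = bytes([21, 3, 1, 0, 2, 2, 10])  # 5-byte header + 2-byte alert = 7 bytes
SAMPLE_SERVER_HELLO_START = bytes([22, 3, 1, 0, 4, 2, 0, 0, 0])  # stub handshake record

if __name__ == "__main__":
    print(decode_alert(SAMPLE_ALERT))
    print(diagnose(SAMPLE_ALERT, SAMPLE_SERVER_HELLO_START))
```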