On Sun, Apr 22, 2012 at 03:57:51PM +0200, Kurt Roeckx wrote:
> So it's my understanding that this happens:
> - openssl sends a ClientHello, and says it supports TLS 1.0 - 1.2
> - the server sends backa ServerHello saying to use TLS 1.1
> - openssl has TLS 1.1 disabled and the connection fails.
>
On Sun, Apr 22, 2012 at 01:40:17PM +0200, Kurt Roeckx wrote:
> On Sun, Apr 22, 2012 at 01:29:19PM +0200, Alberto Garcia wrote:
> >
> > If I use -no_tls1_2 alone it also works. In this case:
> >
> > SSL-Session:
> > Protocol : TLSv1.1
> > Cipher: DHE-RSA-AES256-SHA
>
> So it's an imp
On Sun, Apr 22, 2012 at 02:06:09PM +0200, Kurt Roeckx wrote:
> On Sun, Apr 22, 2012 at 01:48:24PM +0200, Alberto Garcia wrote:
> > On Sun, Apr 22, 2012 at 01:40:17PM +0200, Kurt Roeckx wrote:
> >
> > > So it's an implementation that supports TLS 1.1 but not 1.2? Do you
> > > know which SSL librar
On Sun, Apr 22, 2012 at 02:06:09PM +0200, Kurt Roeckx wrote:
> > I don't have access to that machine, so no idea about the
> > SSL library, but the /version command says the IRC server is
> > InspIRCd-1.1.23.
>
> Which in Debian is linked to libgnutls26, which should support TLS
> 1.2 ...
I don'
On Sun, Apr 22, 2012 at 01:29:19PM +0200, Alberto Garcia wrote:
>
> If I use -no_tls1_2 alone it also works. In this case:
>
> SSL-Session:
> Protocol : TLSv1.1
> Cipher: DHE-RSA-AES256-SHA
So it's an implementation that supports TLS 1.1 but not 1.2? Do
you know which SSL library i
On Wed, Apr 18, 2012 at 10:03:19AM +0200, Alberto Garcia wrote:
> On Wed, Apr 18, 2012 at 09:09:35AM +0200, Kurt Roeckx wrote:
>
> > > Summarizing: you'll have the TLS 1.1 support disabled depending on
> > > the version you compiled your code with.
> >
> > 1.0.0 didn't have TLS 1.1 support, it wa
On Sun, Apr 22, 2012 at 01:48:24PM +0200, Alberto Garcia wrote:
> On Sun, Apr 22, 2012 at 01:40:17PM +0200, Kurt Roeckx wrote:
>
> > So it's an implementation that supports TLS 1.1 but not 1.2? Do you
> > know which SSL library is being used, or at least what software the
> > IRC server runs?
>
On Sun, Apr 22, 2012 at 01:13:48PM +0200, Kurt Roeckx wrote:
> Can you try using openssl s_client with the "-no_tls1_1" option?
>
> Can you also try to see if the 1.0.1a version makes any difference?
I'm using OpenSSL 1.0.1a-3 now, but irssi seems to keep having
problems.
This is the s_client o
On Sun, Apr 22, 2012 at 01:40:17PM +0200, Kurt Roeckx wrote:
> So it's an implementation that supports TLS 1.1 but not 1.2? Do you
> know which SSL library is being used, or at least what software the
> IRC server runs?
I don't have access to that machine, so no idea about the SSL library,
but t
On Wed, Apr 18, 2012 at 09:09:35AM +0200, Kurt Roeckx wrote:
> > Summarizing: you'll have the TLS 1.1 support disabled depending on
> > the version you compiled your code with.
>
> 1.0.0 didn't have TLS 1.1 support, it was only added in 1.0.1. I
> wonder why that option exist in the first place
On Wed, Apr 18, 2012 at 12:16:49AM +0200, Alberto Garcia wrote:
> On Tue, Apr 17, 2012 at 08:18:45PM +0200, Kurt Roeckx wrote:
>
> > > I think I found the problem. In irssi's network-openssl.c:409
> > >
> > >SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
> > >
> > > In the latest ve
On Tue, Apr 17, 2012 at 08:18:45PM +0200, Kurt Roeckx wrote:
> > I think I found the problem. In irssi's network-openssl.c:409
> >
> >SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
> >
> > In the latest versions of OpenSSL, SSL_OP_ALL includes
> > SSL_OP_NO_TLSv1_1.
>
> So you mean
On Tue, Apr 17, 2012 at 01:37:47PM +0200, Alberto Garcia wrote:
> On Fri, Apr 13, 2012 at 07:22:36PM +0200, Kurt Roeckx wrote:
>
> > > > Ok, this is interesting, I was going to try that patch but
> > > > found out that just recompiling irssi 0.8.15-4 (using pbuilder,
> > > > without any changes) m
On Tue, Apr 17, 2012 at 01:37:46PM +0200, Alberto Garcia wrote:
> In the latest versions of OpenSSL, SSL_OP_ALL includes
> SSL_OP_NO_TLSv1_1.
...and that's actually what's explained in the patch mentioned
by Wolfram %-)
Berto
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.
On Fri, Apr 13, 2012 at 07:22:36PM +0200, Kurt Roeckx wrote:
> > > Ok, this is interesting, I was going to try that patch but
> > > found out that just recompiling irssi 0.8.15-4 (using pbuilder,
> > > without any changes) makes the problem disappear ... :?
>
> That's doesn't make much sense, and
On Fri, Apr 13, 2012 at 02:45:15PM +0200, Alberto Garcia wrote:
> On Fri, Apr 13, 2012 at 02:13:00PM +0200, Alberto Garcia wrote:
>
> > > I'd assume that this is the culprit:
> > >
> > > http://bugs.irssi.org/index.php?do=details&task_id=841
> > >
> > > Haven't tried the patch, though...
That p
On Fri, Apr 13, 2012 at 02:13:00PM +0200, Alberto Garcia wrote:
> > I'd assume that this is the culprit:
> >
> > http://bugs.irssi.org/index.php?do=details&task_id=841
> >
> > Haven't tried the patch, though...
>
> Ok, this is interesting, I was going to try that patch but found out
> that just
On Thu, Apr 12, 2012 at 12:12:28PM +0200, Wolfram Sang wrote:
> I'd assume that this is the culprit:
>
> http://bugs.irssi.org/index.php?do=details&task_id=841
>
> Haven't tried the patch, though...
Ok, this is interesting, I was going to try that patch but found out
that just recompiling irssi
I'd assume that this is the culprit:
http://bugs.irssi.org/index.php?do=details&task_id=841
Haven't tried the patch, though...
--
Pengutronix e.K. | Wolfram Sang|
Industrial Linux Solutions | http://www.pengutronix.de/ |
signature.as
19 matches
Mail list logo
