Using the advice here: http://blog.techstacks.com/2008/09/securing-ssl-
in-tomcat-part-two.html - in other words, constraining the ciphers
allowed in my tomcat server's SSL connector definition, made the problem
go away.

curl now works on the openssl 1.0.0 clients without -3

the attached perl script also now works on the openssl 1.0.0 clients

To clarify, the full text of the error message I was getting looked like (from 
curl):
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert 
internal error

And from perl:
./test.pl 
Can't connect to solr-server.example.org:8443

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown 
errorerror:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal 
error at /usr/share/perl5/LWP/Protocol/http.pm line 51.
500 Can't connect to solr-server.example.org:8443 at ./test.pl line 19.


** Attachment added: "example perl script to test LWP::UserAgent"
   
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+attachment/2604458/+files/test.pl

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/861137

Title:
  Openssl TLS errors while connecting to SSLv3 sites

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to