Hi Felix - Thanks for reporting this bug. After making a number of
s_client connection attempts and using the ssllabs.com scanner, I
believe that the askubuntu member is correct in that the server is
mishandling the ECDH ciphers presented by s_client.  As mentioned on
askubuntu, this command works:

  $ openssl s_client -connect ms.icometrix.com:443 -cipher 'DEFAULT:!ECDH'

If we tailor the ciphers to only what your server advertises support of,
it works:

  $ openssl s_client -connect ms.icometrix.com:443 -cipher AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA

However, if we prepend ECDHE-RSA-AES256-SHA to the cipher list, it fails
in the manner you originally reported:

  $ openssl s_client -connect ms.icometrix.com:443 -cipher ECDHE-RSA-AES256-SHA:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA

Is the server running tomcat from the Ubuntu archive? If so, you may
want to open a bug against the appropriate tomcat package if you cannot
see anything wrong with the server's tomcat configuration.

** Changed in: openssl (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1475228

Title:
  openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
  on TLS only configured server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
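
The prepend test from the message above, generalized into a loop, as an added example that is not part of the original message: each candidate cipher is placed in front of a cipher list already known to work, and any candidate that turns a good handshake into a failure is reported. The function names are hypothetical, and pinning `-tls1_2` is an assumption made so that the offered list is exactly what `-cipher` specifies.

```shell
#!/bin/sh
# Default probe: succeeds only if the TLS handshake completes.
# -tls1_2 is an assumption: -cipher does not control TLS 1.3 suites,
# so the protocol is pinned to keep the offered list exactly as given.
probe_handshake() {
    openssl s_client -connect "$1" -tls1_2 -cipher "$2" \
        </dev/null >/dev/null 2>&1
}

# find_breaking_ciphers TARGET BASELINE CANDIDATES [PROBE]
#   TARGET      host:port of the server under test
#   BASELINE    colon-separated list known to handshake successfully
#   CANDIDATES  colon-separated ciphers to prepend one at a time
#   PROBE       function taking (target, cipherlist); default above
# Prints each candidate whose presence breaks an otherwise good handshake.
# A server that simply lacks a cipher should skip it and pick from the
# baseline, so any output points at negotiation being mishandled.
# Returns 2 if the baseline itself fails (nothing can be concluded).
find_breaking_ciphers() {
    target=$1
    baseline=$2
    candidates=$3
    probe=${4:-probe_handshake}

    "$probe" "$target" "$baseline" || return 2

    # Split the candidate list on ':' into positional parameters.
    old_ifs=$IFS
    IFS=:
    set -- $candidates
    IFS=$old_ifs

    for c in "$@"; do
        "$probe" "$target" "$c:$baseline" || printf '%s\n' "$c"
    done
    return 0
}

# Usage (placeholder host, baseline taken from the message above):
#   find_breaking_ciphers server.example:443 \
#       AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA \
#       ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA
```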
