Page MenuHomeDevCentral

Fatal error when a site tries to connect in SSLv3
Closed, ResolvedPublic

Description

Connections to server still accepting SSLv3 fails since last OpenSSL update on Debian Sid.

Connections to server not offering SSLv3 work normally.

Eglide
$ curl https://acme-v01.api.letsencrypt.org
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

$ curl https://social.nasqueron.org
13:15:44 < Dereckson> <html><body>You are being <a href="https://social.nasqueron.org/about">redirected</a>.</body></html>

$ openssl version
OpenSSL 1.1.0h  27 Mar 2018

Event Timeline

dereckson triaged this task as High priority.Jul 15 2018, 13:20
dereckson created this task.
dereckson added projects: Servers, Eglide.
dereckson updated the task description. (Show Details)
dereckson updated the task description. (Show Details)

Can't repro on Fedora Rawhide with OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018.

Can't repro either on a fresh Debian Sid installation:

Debian Sid container on Equatower
$ docker pull debian:sid
sid: Pulling from library/debian
516433960039: Pull complete 
Digest: sha256:b66f36c0729b20fe57d8b56be27ab030ba9bb6ecf428b6158680664c4b5f47db
Status: Downloaded newer image for debian:sid

$ docker run -it --rm debian:sid bash
# We're now in a Debian container

$ apt update && apt install openssl
...

$ openssl version
OpenSSL 1.1.1  11 Sep 2018

$ apt install curl
...
Setting up ca-certificates (20180409) ...
...

$ curl https://acme-v01.api.letsencrypt.org
(works)
dereckson raised the priority of this task from High to Needs Triage.Sep 13 2018, 14:15
dereckson moved this task from Backlog to Pending review on the Servers board.

Now fixed on Eglide:

$ openssl version
OpenSSL 1.1.1k  25 Mar 2021
dereckson claimed this task.