Fatal error when a site tries to connect in SSLv3
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dereckson
	Jul 15 2018, 13:20

Description

Connections to server still accepting SSLv3 fails since last OpenSSL update on Debian Sid.

Connections to server not offering SSLv3 work normally.

Eglide

$ curl https://acme-v01.api.letsencrypt.org
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

$ curl https://social.nasqueron.org
13:15:44 < Dereckson> <html><body>You are being <a href="https://social.nasqueron.org/about">redirected</a>.</body></html>

$ openssl version
OpenSSL 1.1.0h  27 Mar 2018

Event Timeline

dereckson triaged this task as High priority.Jul 15 2018, 13:20

dereckson created this task.

dereckson added projects: Servers, Eglide.

dereckson updated the task description. (Show Details)

Can't repro on Fedora Rawhide with OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018.

Can't repro either on a fresh Debian Sid installation:

Debian Sid container on Equatower

$ docker pull debian:sid
sid: Pulling from library/debian
516433960039: Pull complete 
Digest: sha256:b66f36c0729b20fe57d8b56be27ab030ba9bb6ecf428b6158680664c4b5f47db
Status: Downloaded newer image for debian:sid

$ docker run -it --rm debian:sid bash
# We're now in a Debian container

$ apt update && apt install openssl
...

$ openssl version
OpenSSL 1.1.1  11 Sep 2018

$ apt install curl
...
Setting up ca-certificates (20180409) ...
...

$ curl https://acme-v01.api.letsencrypt.org
(works)

dereckson raised the priority of this task from High to Needs Triage.Sep 13 2018, 14:15

dereckson moved this task from Backlog to Pending review on the Servers board.

Now fixed on Eglide:

$ openssl version
OpenSSL 1.1.1k  25 Mar 2021

dereckson closed this task as Resolved.Mar 12 2022, 12:42

dereckson claimed this task.

Fatal error when a site tries to connect in SSLv3Closed, ResolvedPublicActions

Description

Event Timeline

Fatal error when a site tries to connect in SSLv3
Closed, ResolvedPublic
Actions