On Mon, Aug 03, 2020 at 10:33:40AM +0000, Mikolaj Kucharski wrote: > Hi, > > I'm unable to openssl s_client, wget, curl or ftp the domain > k8sapi.prod.chorus1.net. Here is example session with ftp command: > > $ ftp -o /dev/null https://k8sapi.prod.chorus1.net/ > Trying 34.102.178.128... > TLS handshake failure: handshake failed: error:1404B09F:SSL > routines:ST_CONNECT:length mismatch > > When I use Firefox, Chromium or gnutls-cli I'm able fetch content behind > the url (JSON with an error, which is expected). Also using eopenssl > and eopenssl11 works with mentioned domain.
Thanks for the report. This is the same issue as discussed here: https://marc.info/?l=libressl&m=159320344528945&w=2 <<< TLS 1.3 Handshake [length 0069], CertificateRequest 0d 00 00 65 00 00 62 00 05 00 00 00 12 00 00 00 0d 00 1a 00 18 08 04 04 03 08 07 08 05 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 00 2f 00 38 00 36 00 17 30 15 31 13 30 11 06 03 55 04 03 13 0a 6b 75 62 65 72 6e 65 74 65 73 00 1b 30 19 31 17 30 15 06 03 55 04 03 13 0e 66 72 6f 6e 74 2d 70 72 6f 78 79 2d 63 61 TLS client extension "status request" (id=5), len=0 This diff should fix the problem: https://marc.info/?l=libressl&m=159601181028142&w=2 I will commit a cleaned-up version of that diff soon.
