Your message dated Sun, 17 Apr 2016 14:58:35 +0200
with message-id <[email protected]>
and subject line Re: [openssl] can't connect to hosts which allow only SSLv3
has caused the Debian Bug report #683159,
regarding [openssl] can't connect to hosts which allow only SSLv3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
683159: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683159
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1c-3
Severity: important

--- Please enter the report below this line. ---

I can't connect to hosts which allow only SSLv3:

$ openssl s_client -connect www.ovh.com:443
CONNECTED(00000003)
139991546484392:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


but by specifying "ssl3" on the command line, it works:

$ openssl s_client -connect www.ovh.com:443 -ssl3
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/serialNumber=424761419/1.3.6.1.4.1.311.60.2.1.3=FR/1.3.6.1.4.1.311.60.2.1.2=Nord/1.3.6.1.4.1.311.60.2.1.1=ROUBAIX/businessCategory=Private Organization/C=FR/postalCode=59100/ST=NORD/L=ROUBAIX/street=2 rue Kellermann/O=OVH/OU=0002 424761419/OU=Comodo EV SSL/CN=www.ovh.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Extended Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Extended Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
[...]
---
SSL handshake has read 5379 bytes and written 491 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Session-ID: 8635E8662D8A62507C15E8371C4E8121F317A17F15D749FE40112EA5FC022455
    Session-ID-ctx:
    Master-Key: D5035A130786444B3B08C7E522EA0805B80B461803F32554B1ABF98B9172ECBE98E9252C4A6840F8500C9913CAE85281
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1343556050
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---




Note that *gnutls* is also affected, but browsers like Lynx, Iceweasel, 
Chromium or Empathy don't have any trouble.




--- System information. ---
Architecture: amd64
Kernel: Linux 3.2.0-3-amd64

Debian Release: wheezy/sid
500 unstable apt.daevel.fr
1 experimental apt.daevel.fr

--- Package information. ---
Depends (Version) | Installed
============================-+-=============
libc6 (>= 2.7) | 2.13-35
libssl1.0.0 (>= 1.0.1) | 1.0.1c-3
zlib1g (>= 1:1.1.4) | 1:1.2.7.dfsg-13


Package's Recommends field is empty.

Suggests (Version) | Installed
==============================-+-===========
ca-certificates | 20120623

--- End Message ---
--- Begin Message ---
Closing because not being able to do SSLv2/SSLv3 is a bug these days.

Sebastian

--- End Message ---
