On 08/10/2013 19:13, Kurt Roeckx wrote: > > Yes, disabling TLS 1.2 seems to fix your issue, but I really have > no idea why. I also don't think this is a good idea. > > You say that the other side is using OpenSSL 1.0.1, but it looks > like a really weird version to me. It doesn't seem to support > TLS 1.2 but does 1.1 while there never was a version released > that only didn't do 1.2 but did 1.1. > > It seems to be a snapshot from cvs/git since it says "1.0.1-stable > 05 Jun 2011" and doesn't actually have any real version in it. > Looking at the release history and git repository, it seems to be > in the middle of a development cycle. Please note that 1.0.1 was > released on 19 Apr 2012. > > So I suggest you upgrade it to a released version like 1.0.1e or > the current 1.0.1-stable version. The server admin fixed the issue by importing this commit in the 1.0.1c NetBSD version : http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=ssl/s3_pkt.c;h=dca345865a10a5fae10741e009676731181fc60d;hp=2d569cc1cedc5aa2bb0d0e7f876a22468e77950e;hb=c3b130338760a7e52656fd217d1d4c846e85cdff;hpb=5762f7778da56b9502534fd236007b9a1b0244d9
I think the issue is in the client as well, but fixing it on the server side is enough for it to work. Cheers, -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org