[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
I'm seeing this too. On 14.04 When I try to use Racket's package manager to download and install a new package. And when I try to make an https request from inside a Racket program I'm writing, using their standard net library. ssl-connect: connect failed (error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
** Changed in: openssl (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
I also experience this bug on Ubuntu Server 14.04.3. "Error: SSLError: [Errno 1] _ssl.c:510: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error" Kernel: 3.19.0-42 OpenSSL: 1.0.1f Will this be fixed in 14.04, or is there some way to fix this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
[Expired for openssl (Ubuntu) because there has been no activity for 60 days.] ** Changed in: openssl (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
Same issue here when connecting to https://bootswatch.com via python- requests Linux Mint 17.2 Rafaela / Ubuntu 14.04 LTS dpkg -l openssl 1.0.1f-1ubuntu2.15 openssl s_client -ssl3 -connect bootswatch.com:443 shows: 140204664612512:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40 140204664612512:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598 openssl s_client -connect bootswatch.com:443 CONNECTED(0003) 140005724673696:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770: curl bootswatch.com:443 -3 400 The plain HTTP request was sent to HTTPS port 400 Bad Request The plain HTTP request was sent to HTTPS port cloudflare-nginx See further info similar observation: http://stackoverflow.com/a/22858593 Why doe this happen & what could eb done? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
output from dpkg -l tomcat7 7.0.52-1ubuntu0.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
I suspect the server doesn't like the long list of curves 1.0.1 has, but the smaller list in 1.0.2 works. What's running on the server? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
This is the commit that allows 1.0.2 to connect successfully: https://git.openssl.org/?p=openssl.git;a=commit;h=f4d1fb776955187a35c3ee36d4413871917c3138 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
** Changed in: openssl (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
On second look, the command that failed on 14.04 is working fine on Wily: $ openssl s_client -connect ms.icometrix.com:443 -cipher ECDHE-RSA- AES256-SHA:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA Opening this back up as it seems to be a bug in Ubuntu's openssl package. ** Changed in: openssl (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
Hi Felix - Thanks for reporting this bug. After making a number of s_client connection attempts and using the ssllabs.com scanner, I believe that the askubuntu member is correct in that the server is mishandling the ECDH ciphers presented by s_client. As mentioned on askubuntu, this command works: $ openssl s_client -connect ms.icometrix.com:443 -cipher 'DEFAULT:!ECDH' If we tailor the ciphers to only what your server advertises support of, it works: $ openssl s_client -connect ms.icometrix.com:443 -cipher AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA However, if we prepend ECDHE-RSA-AES256-SHA to the cipher list, it fails in the manner you originally reported: $ openssl s_client -connect ms.icometrix.com:443 -cipher ECDHE-RSA- AES256-SHA:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA Is the server running tomcat from the Ubuntu archive? If so, you may want to open a bug against the appropriate tomcat package if you cannot see anything wrong with the server's tomcat configuration. ** Changed in: openssl (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
If it helps, this is affecting me on Wheezy as well. $ cat /etc/debian_version 7.8 $ openssl version OpenSSL 1.0.1e 11 Feb 2013 $ openssl s_client -connect example.com:443 CONNECTED(0003) 140073850304168:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:749: Python script using requests and bs4: $ python rss.py /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning Traceback (most recent call last): File rss.py, line 19, in module feed = requests.get(x) File /usr/local/lib/python2.7/dist-packages/requests/api.py, line 69, in get return request('get', url, params=params, **kwargs) File /usr/local/lib/python2.7/dist-packages/requests/api.py, line 50, in request response = session.request(method=method, url=url, **kwargs) File /usr/local/lib/python2.7/dist-packages/requests/sessions.py, line 465, in request resp = self.send(prep, **send_kwargs) File /usr/local/lib/python2.7/dist-packages/requests/sessions.py, line 573, in send r = adapter.send(request, **kwargs) File /usr/local/lib/python2.7/dist-packages/requests/adapters.py, line 431, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error Same script and URL using feedparser: $ python rss.py {'feed': {}, 'bozo': 1, 'bozo_exception': URLError(SSLError(1, '_ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error'),), 'entries': []} -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1475228] Re: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1475228 Title: openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs