[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-09 Thread Graham Leggett
More details. The ClientHello packet in this case is larger than 255 bytes, and is triggering the handshake failure in one of two ways. When psql linked to openssl v1.0.1f attempts to connect to postgresql linked to openssl v1.0.1f, the client side sends 8 bytes, then 1 byte, then 305 bytes in my

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-08 Thread Graham Leggett
Using openssl s_client on a MacOS Sierra machine connecting to the same postgresql server, the failure is identical. Looks like whatever is triggering this is caused by the server, but is being failed by the client. -- You received this bug notification because you are a member of Ubuntu Touch s

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-08 Thread Graham Leggett
ssldump looks like the below. From ssldump, we can see that the server sent three separate certificates. Openssl s_client however claims that no certificates were detected.
New TCP connection #42: 172.29.231.43(33116) <-> 172.29.228.240(5432)
42 1 0.0038 (0.0038) C>SV3.1(300) Handshake C

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-08 Thread Graham Leggett
Despite printing "no peer certificate available" below, the postgresql server serves three certificates (two intermediates and a leaf) as picked up by ssldump. In this case it is the client side that is triggering the handshake failure, not the server. The client side refuses to add the cause of t

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-08 Thread Graham Leggett
I am seeing the exact same bug, only with the server being postgresql instead of openldap. The same setup and certificates work fine on Trusty, but have regressed on Xenial.

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2017-11-08 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New => Confirmed

[Touch-packages] [Bug 1612711] Re: TLS negation fails

2016-08-12 Thread treaves
The full output is:
CONNECTED(0003)
140668035487384:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)