On Saturday 06 June 2015, 1edhaz+9sj4olxjt6...@guerrillamail.com wrote:
> Hello,
>
> LibreSSL 2.2 (openbsd-current) fails to connect to
> https://webdav.yandex.com.
>
> OpenSSL 1.0.1m from OpenBSD packages does succeed.
>
> Yandex is the largest search engine in Russia. The webdav.yandex.com
> site is for accessing their file-hosting service.
>
> System info:
>
> $ uname -a
> OpenBSD roger.my.domain 5.7 GENERIC.MP#1039 amd64
> $ dmesg | head -n 1
> OpenBSD 5.7-current (GENERIC.MP) #1039: Wed Jun 3 12:09:31 MDT 2015
> [snip]

The issue is due to the remote end not being RFC compliant and failing to
complete a TLS handshake when it does not recognise TLS signature
algorithms (sigalgs) that are being advertised by the client. In this case
the new signature algorithms are related to GOST - almost the definition
of irony...

If you want to verify this for yourself, you can comment out the GOST
related entries in the tls12_sigalgs array in t1_lib.c.

HTTPS connections to www.yandex.com work without issue, so it would
seemingly be the particular HTTP server that is being used for this
service - I would recommend contacting Yandex and reporting the issue to
them.

--
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
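
Added example, not part of the original message and not LibreSSL or Yandex code: a sketch of the tolerant server-side handling the reply expects, where sigalg pairs the server does not recognise are skipped instead of aborting the handshake. The function name, the server preference list and the sample bytes are assumptions; the 0xF0/0xF1 pairs are private-use placeholders, not the real GOST code points.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* (hash, signature) pairs this hypothetical server supports, in preference
 * order. Code points per RFC 5246: sha256=4, sha1=2; rsa=1, ecdsa=3. */
static const uint8_t server_pairs[][2] = { {4, 3}, {4, 1}, {2, 1} };

/*
 * Parse a signature_algorithms extension body (2-byte length, then
 * hash/signature byte pairs) and pick the server's most preferred pair
 * that the client also offers. Pairs the server does not know are skipped.
 * Returns 0 on success, -1 if the body is malformed, -2 if no common pair.
 */
int select_sigalg(const uint8_t *ext, size_t len, uint8_t *hash, uint8_t *sig)
{
    size_t list_len, i, j;

    if (len < 2)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2 || list_len == 0 || (list_len & 1))
        return -1;

    for (j = 0; j < sizeof(server_pairs) / sizeof(server_pairs[0]); j++)
        for (i = 2; i < len; i += 2)
            if (ext[i] == server_pairs[j][0] && ext[i + 1] == server_pairs[j][1]) {
                *hash = ext[i];
                *sig = ext[i + 1];
                return 0;
            }
    return -2;
}

/* Constructed sample: two unrecognised private-use pairs ahead of
 * sha256/rsa and sha1/rsa, as a client with newer sigalgs might send. */
static const uint8_t sample_ext[] = {
    0x00, 0x08, 0xF0, 0xF0, 0xF1, 0xF1, 0x04, 0x01, 0x02, 0x01
};

int main(void)
{
    uint8_t h = 0, s = 0;
    int rc = select_sigalg(sample_ext, sizeof(sample_ext), &h, &s);

    if (rc == 0)
        printf("selected hash=%u sig=%u\n", h, s);
    else
        printf("no selection (rc=%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```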