SSL Bug in Fedora Core 8 (and 6)
Duncan Berriman
duncan at dcl.co.uk
Wed Nov 28 10:49:42 UTC 2007
I have found a problem with openSSL on FC8. The site being connected to has
a
TLSv1 and SSLV3 SSL Certificate, however as of Fedora Core 6
onwards if SSLv2 is disabled an SSL connection can not be negotiated.
openssl s_client -no_ssl2 -connect xxxxxx.xxxx.com:443
CONNECTED(00000003)
2159:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:
On Fedora Core 4 it works fine and wither a TLSv1 or SSLv3
connection can be made.
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
00152056A7A28668B4EB1451B8A2F6809C29A16858585858474743BD00006718
Session-ID-ctx:
Master-Key:
720DC5F3697624BF8C3BEA800AC9EB386B234BB759F9ACD338ADA9DDEBB090
9FD693C0F32DD0A6D577D6CA18A6345C72
Key-Arg : None
Krb5 Principal: None
Start Time: 1195851233
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
This encounted on a live server at a data
centre running Fedora Core 6. I then did a fresh install on
another machine at the office of FC6 and reproduced the
problem. I then did a fresh install of FC8 on the same
machine and again managed to reproduce them straight away.
I have since downgraded the live server to FC4 and it has
Fixed the issue. Problem is not apparent in FC4, Enterprise 3
Or enterprise 4.
Happy to provide the server name off list or do any debugging
If someone can tell me what they need.
Thanks in advance
Duncan
More information about the fedora-list
mailing list