SSL handshake error when connecting to api.samurai.feefighters.com
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I am receiving an SSL handshake error when connecting to my credit card gateway. Ubuntu version is 12.04. OpenSSL version is 1.0.1-4ubuntu5.3. Server is running on an OpenStack VPS
I can connect to the gateway without errors from Ubuntu 10.04 and Fedora 17. Interestingly, if I specify SSLv3 (openssl s_client -connect api.samurai.
I have attached the output of "openssl s_client -connect api.samurai.
Let me know if there is any other information I can provide.
affects: | ubuntu → openssl (Ubuntu) |
I've done some further testing. First I recompiled OpenSSL with SSLv2 support. I received the same error when connecting to api.samurai. feefighters. com. I went back to the command line and tested more options to try and narrow down the problem. Here are the results:
openssl s_client -connect api.samurai. feefighters. com:443 -ssl2 Error (expected as remote server has disabled SSLv2) feefighters. com:443 -ssl3 Works feefighters. com:443 -tls1 Works feefighters. com:443 -tls1_1 Error feefighters. com:443 -tls1_2 Error
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai. feefighters. com:443 -no_ssl2 Error feefighters. com:443 -no_ssl3 Error feefighters. com:443 -no_tls1 Error feefighters. com:443 -no_tls1_1 Works feefighters. com:443 -no_tls1_2 Error
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
openssl s_client -connect api.samurai.
The second to last line demonstrates to me that the remote server is configured to prefer TLSv1.1, and somewhere there is a bug which is causing the connection to fail when using TLSv1.1. There is also an error when using TLSv1.2 but I am uncertain if the remote server supports TLSv1.2