© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
@rcmd Could you try running a packet sniffer (like wireshark)?
For me this bug shows up when my client hello message includes an "Unknown 15" extension. One of the other patches that worked for some people disabled the SessionTicket extension. The upstream bug report was wondering if it was all unknown SSL extensions that was causing the bad certificate error, or just some of them.
(In wireshark you can find what extensions are included in the by looking in the Info column for "Client Hello", and then expanding 802.1x Authentication -> Extensible Authentication Protocol -> Secure Sockets Layer -> SSL or TLS(*) Record Layer: Handshake Protocol -> Handshake Protocol: Client Hello and look at the bottom of the drop down.
(*) for a working capture it was listed as TLS Record Layer, for a non working capture it was listed as SSL Record Layer.
For me I can connect when the extension list is: ec_point_formats, elliptic_curves, and SessionTicket TLS. But when "Unknown 15" (AKA the Heartbeat extension) is present I can't. The above comments seem to imply that for others it doesn't work if there's the Session Ticket.