SSL_connect:unknown state
Bug #1410989 reported by
Circa Lucid
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Running "openssl s_client", I'm getting some websites (www.tm3.com, ws.myfax.com) that cause requests to hang. I compiled openssl-1.0.1k and it seems to be working now. Is there a more correct fix other than compiling the newest openssl?
Changed in openssl (Ubuntu): | |
status: | New → Won't Fix |
To post a comment you must log in.
These are my test cases and the final solution
user@test0:~$ uname -a cisc,16, int) blowfish(idx) ssp-buffer- size=4 -Wformat -Werror= format- security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic- functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_ NO_TLS1_ 2_CLIENT -DOPENSSL_ MAX_TLS1_ 2_CIPHER_ LENGTH= 50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_ BN_ASM_ MONT -DOPENSSL_ BN_ASM_ MONT5 -DOPENSSL_ BN_ASM_ GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM before/ connect initialization
Linux test0 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test0:~$ openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Fri Jun 20 18:52:46 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=
OPENSSLDIR: "/usr/lib/ssl"
user@test0:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
CONNECTED(00000003)
SSL_connect:
SSL_connect:unknown state
SSL_connect:SSLv3 read server hello A
(truncated)
Verify return code: 0 (ok)
user@test1:~$ uname -a cisc,16, int) blowfish(idx) ssp-buffer- size=4 -Wformat -Werror= format- security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic- functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_ BN_ASM_ MONT -DOPENSSL_ BN_ASM_ MONT5 -DOPENSSL_ BN_ASM_ GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
Linux test1 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test1:~$ lsb_release -a | grep Code
Codename: saucy
user@test1:~$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Fri Jun 20 18:54:02 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=
OPENSSLDIR: "/usr/lib/ssl"
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state
(hangs)
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state -ssl3
(hangs)
user@test1:~$ openssl s_client -CApath /etc/ssl/certs -connect www.tm3.com:443 -state -tls1
(hangs)
user@test2:~$ uname -a cisc,16, int) blowfish(idx) ssp-buffer- size=4 -Wformat -Werror= format- security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic- functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_ BN_ASM_ MONT -DOPENSSL_ BN_ASM_ MONT5 -DOPENSSL_ BN_ASM_ GF2m -DSHA1_ASM -DSHA25...
Linux test2 3.13.0-44-generic #73-Ubuntu SMP Tue Dec 16 00:22:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
user@test2:~$ lsb_release -a | grep Code
Codename: trusty
user@test2:~$ openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Fri Jan 9 17:52:48 UTC 2015
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=