openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error on TLS only configured server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04
Executing:
openssl s_client -connect ms.icometrix.
gives:
CONNECTED(00000003)
140557262718624
internal error:s23_
A similar error when executing:
curl https:/
curl: (35) error:14077438:SSL routines:
internal error
Output of openssl version (on client/server):
OpenSSL 1.0.1f 6 Jan 2014
The funny thing is, the problem vanishes when connecting with other versions of Openssl:
From a mac, OpenSSL 0.9.8zd 8 Jan 2015, all ok
From centos, OpenSSL 1.0.1e-fips 11 Feb 2013, all ok
Latest stable release on Ubuntu 14.04, OpenSSL 1.0.2d 9 Jul 2015, all ok.
From server side, we do not see anything strange. The problem started when we disabled SSL3 on our machines.
Might there be a problem with the build in the apt-get?
We also test other versions, the one proposed by apt-cache showpkg, but the problem remains...
BTW: I don't consider this the same as https:/
information type: | Private Security → Public Security |
Changed in openssl (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in openssl (Ubuntu): | |
status: | Expired → Confirmed |
If it helps, this is affecting me on Wheezy as well.
$ cat /etc/debian_version
7.8
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
$ openssl s_client -connect example.com:443 :error: 14077438: SSL routines: SSL23_GET_ SERVER_ HELLO:tlsv1 alert internal error:s23_ clnt.c: 749:
CONNECTED(00000003)
140073850304168
Python script using requests and bs4: lib/python2. 7/dist- packages/ requests/ packages/ urllib3/ util/ssl_ .py:90: InsecurePlatfor mWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https:/ /urllib3. readthedocs. org/en/ latest/ security. html#insecurepl atformwarning. ormWarning lib/python2. 7/dist- packages/ requests/ api.py" , line 69, in get lib/python2. 7/dist- packages/ requests/ api.py" , line 50, in request request( method= method, url=url, **kwargs) lib/python2. 7/dist- packages/ requests/ sessions. py", line 465, in request lib/python2. 7/dist- packages/ requests/ sessions. py", line 573, in send send(request, **kwargs) lib/python2. 7/dist- packages/ requests/ adapters. py", line 431, in send exceptions. SSLError: [Errno 1] _ssl.c:504: error:14077438:SSL routines: SSL23_GET_ SERVER_ HELLO:tlsv1 alert internal error
$ python rss.py
/usr/local/
InsecurePlatf
Traceback (most recent call last):
File "rss.py", line 19, in <module>
feed = requests.get(x)
File "/usr/local/
return request('get', url, params=params, **kwargs)
File "/usr/local/
response = session.
File "/usr/local/
resp = self.send(prep, **send_kwargs)
File "/usr/local/
r = adapter.
File "/usr/local/
raise SSLError(e, request=request)
requests.
Same script and URL using feedparser: SSLError( 1, '_ssl.c:504: error:14077438:SSL routines: SSL23_GET_ SERVER_ HELLO:tlsv1 alert internal error'),), 'entries': []}
$ python rss.py
{'feed': {}, 'bozo': 1, 'bozo_exception': URLError(