openssl 3.0.2 backport IgnoreUnexpectedEOF ssl config option from 3.2
Bug #2055304 reported by Hanno Zysik
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
I get "Closing connection 0 curl: (35) error:0A000126:SSL routines:
Example:
$ tail -n 3 /etc/ssl/
[system_
CipherString = DEFAULT:@SECLEVEL=2
Options = IgnoreUnexpectedEOF
[0] https:/
[1] https:/
[2] https:/
Thanks for the report. I am reluctant to backport this as I'm not sure it makes a lot of sense system-wide. Curl upstream didn't seem happy with enabling this work-around even in 2021. It seems the reason to integrate this would be to be able to ignore this despite curl not ignoring it nor offering a way to ignore it.
I also don't like that it's the kind of configuration that will linger on systems for years, if not decades. For the distribution, this also means that once the patch is in, it needs to be supported for 15 years. On the other hand, it will get in after 24.04/Noble is released since upstream merged it...
Still, I can't make a compelling case in favor of this patch. This is especially troublesome since a change to released versions needs exactly that.
Which servers are you experiencing this issue with?
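A check for the concern in the comment above that this setting lingers on systems. This is an added example, not part of the bug report or of OpenSSL: it scans openssl.cnf-style text for sections whose Options line enables IgnoreUnexpectedEOF. The sample config and its section names are constructed, and the parser assumes only `#` comments and plain `key = value` lines.

```python
import re

# Constructed sample config; all section names here are hypothetical.
SAMPLE_CNF = """\
openssl_conf = example_init   # hypothetical name

[example_ssl_defaults]
CipherString = DEFAULT:@SECLEVEL=2
Options = IgnoreUnexpectedEOF

[example_strict]
Options = -IgnoreUnexpectedEOF, ServerPreference

[example_commented]
# Options = IgnoreUnexpectedEOF
"""

FLAG = "ignoreunexpectedeof"


def find_ignore_eof(cnf_text):
    """Return [(section, line_no)] for Options lines that enable the flag."""
    hits = []
    section = "default"  # keys before any [section] header
    for line_no, raw in enumerate(cnf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "options":
            continue
        enabled = False
        for item in value.split(","):
            item = item.strip()
            # A leading "-" disables a flag, "+" or nothing enables it;
            # names are compared case-insensitively (deliberately lenient).
            if item.lstrip("+-").lower() == FLAG:
                enabled = not item.startswith("-")
        if enabled:
            hits.append((section, line_no))
    return hits


if __name__ == "__main__":
    for section, line_no in find_ignore_eof(SAMPLE_CNF):
        print(f"IgnoreUnexpectedEOF enabled in [{section}] at line {line_no}")
```

To audit a real host, pass the contents of its OpenSSL configuration file to `find_ignore_eof` instead of the sample.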