Intermittent SSL connection faults when using TLSv1
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OEM Priority Project |
Won't Fix
|
Medium
|
Steve Magoun | ||
Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
apache (Ubuntu) |
Won't Fix
|
Low
|
Canonical Server | ||
openssl (Ubuntu) |
Won't Fix
|
Low
|
James M. Leddy |
Bug Description
Binary package hint: openssl
Reported intermittent SSL connection issue on some apache mod_ssl vhosts.
Platform: Ubuntu 10.04.2 LTS
Tested: Apache2-
Firefox client will intermittently report:
Secure Connection Failed
An error occurred during a connection to oem-ibs.
Peer's certificate has an invalid signature.
(Error code: sec_error_
Condition will clear on reload.
Occassionally the server will alternately serve a good page followed by an SSL error until Apache is restarted. I am unable to reproduce the condition on demand, but have output from when the fault occurs. When the fault condition occurs it can be reproduced with any SSL client.
The fault presents on multiple distinct servers.
Initially suspected to be a bug with mod_ssl https:/
Tested with SSL certs from different CAs.
Example:
$ openssl s_client -connect oem-ibs.
CONNECTED(00000003)
depth=2 /C=US/O=thawte, Inc./OU=
verify error:num=20:unable to get local issuer certificate
verify return:0
14563:error:
14563:error:
14563:error:
Changed in oem-priority: | |
assignee: | nobody → Canonical Platform QA Team (canonical-platform-qa) |
Changed in oem-priority: | |
assignee: | Canonical Platform QA Team (canonical-platform-qa) → Canonical Foundations Team (canonical-foundations) |
Changed in oem-priority: | |
assignee: | Colin Watson (cjwatson) → Steve Magoun (smagoun) |
Changed in apache (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → Canonical Server Team (canonical-server) |
summary: |
- Intermittent SSL connection faults + Intermittent SSL connection faults when using TLSv1 |
Changed in oem-priority: | |
importance: | High → Medium |
Changed in openssl (Ubuntu): | |
status: | Confirmed → Incomplete |
Changed in openssl (Ubuntu): | |
status: | Incomplete → Won't Fix |
Changed in apache (Ubuntu): | |
status: | Confirmed → Won't Fix |
And Lucid openssl 0.9.8k-7ubuntu8.6