I'm trying to download a document; curl "https://server.db.kvk.nl/TST-BIN/ZS/ZSWWW01@?TYPE=NDNR&NDNR=027312152&NSDN=&submit=" Python, curl, wget all get me: OpenSSL: error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert decode error But on a system with 0.9.8 the system connects and downloads. Explicitly mentioning SSLv3 download the file; wget --secure-protocol=SSLv3 "https://server.db.kvk.nl/TST-BIN/ZS/ZSWWW01@?TYPE=NDNR&NDNR=027312152&NSDN=&submit=" I already tried to revert the openssl.cfg, that didn't matter. So... whats wrong here? Reproducible: Always Steps to Reproduce: 1. update openssl 2. revdep rebuild etc. Portage 2.1.8.3 (default/linux/amd64/10.0, gcc-4.4.4, glibc-2.11.2-r0, 2.6.34-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.34-gentoo-r1-x86_64-Intel-R-_Pentium-R-_Dual_CPU_E2220_@_2.40GHz-with-gentoo-2.0.1 Timestamp of tree: Fri, 13 Aug 2010 15:15:02 +0000 app-shells/bash: 4.1_p7 dev-lang/python: 2.6.5-r3, 3.1.2-r4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.65-r1 sys-devel/automake: 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.3.4, 4.4.4-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 virtual/os-headers: 2.6.34 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=nocona" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -march=nocona" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org" LC_ALL="nl_NL.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="nl en" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage" USE="acl amd64 berkdb bzip2 cli cracklib crypt cups cxx dri fontconfig fortran gdbm geoip gpm iconv ipv6 jpeg lzma mmx modules multilib ncurses nls nptl nptlonly odbc openmp openssl pam pcre perl png pppd python readline reflection session spl sse sse2 ssl sysfs tcpd truetype unicode xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="nl en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
I guess it might have to do with renogotiation.
The legacy renegociate doesn't seem to help. For some reason there is no fallback at all. It seems that SSLv2 works, but SSLv3 and TLSv1 do not (anymore?) on this server. Mysteriously everything still works on systems that had not have the upgrade to 1.0.0.
Try "c_rehash /etc/ssl/certs"
(In reply to comment #3) > Try "c_rehash /etc/ssl/certs" Tried that was on #gentoo too, seems to be not the issue. From the OpenSSL mailinglist: As I indicated OpenSSL 1.0.0 does not include any SSLv2 ciphersuites in the default cipher string. That effectively disables SSLv2 by default which is in line with many security recommendations as SSLv2 is highly broken. OpenSSL 0.9.8 and earlier do include SSLv2 ciphersuites. If you enable some SSLv2 ciphersuites in the cipher string in OpneSSL 1.0.0 (how you do that depends on the applications) SSLv2 will be used again. ... And the why: This is because if SSLv2 backward compatibility is enabled in *any* SSL library, then a security hole in the protocol rules for indicating SSLv2 compatibility will allow an attack where the attacker can force two SSL3-or-later computers to talk SSLv2 to each other in a way that can then be easily broken. Therefore most modern SSL implementations disable SSLv2 by default, and starting with OpenSSL 1.0.0, OpenSSL does this too.
so, it sounds like there is no bug here, just expected behavior ?
(In reply to comment #5) > so, it sounds like there is no bug here, just expected behavior ? Yes this is fully expected behavior. But since this bite me, connecting to SSLv2 (only) servers, I expect more people are going to hit this. I wonder if it would be possible to add a useflag sslv2 that adds it to the standard cyphersuite. Disable the useflag by default, but allow legacy programs to work. For example in Python using urllib you cannot overcome this issue, without changing httplib.
np. ive added an IUSE=sslv2 to openssl-1.0.0a-r2.
i think things have been misinterpreted. the change isnt "sslv2 support is disabled", it's "sslv2 is not advertised by default". *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello: this allows the use of compression and extensions. Change default cipher string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2 by default unless an application cipher string requests it. [Steve Henson] there is no build time option that i can see that reverts this behavior which means there isnt going to be a USE flag. the USE flag i added controls whether to compile support for SSLv2 at all.
Change {R}DEPENDs on the offending packages to <dev-libs/openssl-1.0.0 ?
(In reply to comment #9) > Change {R}DEPENDs on the offending packages to <dev-libs/openssl-1.0.0 ? Will not help, basically the idea is that SSLv2 is deprecated. But there are some services that never upgraded. You can't reach them anymore until you change a bunch of code in 'upstream'. So I think a patch that adds SSLv2 to the default suite would be the only thing that can be done to give complete legacy support.
(In reply to comment #10) > Will not help Why not? Connecting with openssl-0.9.8 works, right? > basically the idea is that SSLv2 is deprecated. And this is a good thing. > So I think a patch that adds SSLv2 to the default suite would be the only thing that can be done to give complete legacy support. I hope not. SSLv2 should really need to be phased out. There is no reason to use SSLv2 anymore.
(In reply to comment #11) > (In reply to comment #10) > > Will not help > > Why not? Connecting with openssl-0.9.8 works, right? The main difference is that SSLv2 is in the default cyphersuite of 0.9.8 and not in 1.0.0 because it is broken by design. Not a binary incompatibility. > > So I think a patch that adds SSLv2 to the default suite would be the only thing that can be done to give complete legacy support. > > I hope not. SSLv2 should really need to be phased out. There is no reason to > use SSLv2 anymore. The reason is compatibility, and yes I wish that it wasn't required as well. But sadly downgrading a remote system back to 0.9.8 is error prone. SSH directly borks...
(In reply to comment #12) > SSH directly borks... Avoid SSH borkage by a static recompile before downgrading openssl? Anyway, so we basically either force some users to downgrade or give the whole user base enough rope to hang themselves (possibly depending on a USE flag)? Bleh.
ive gone a different route in -r3 ... ive added epatch_user, so any patches you need you can drop into /etc/portage/patches/... so you can put any patch in there to restore cipher lists with sslv2 in it. sort of a cop out, but i couldnt quickly find a patch to do what you want. if you do locate such a patch, please attach to this bug for other random peeps.
Just for the note: USE=-sslv2 broke wget and curl linkage for me (fixed in -r3.ebuild): 'some_random_so or binary: undefined reference to `SSLv2_client_method'
I have a similar problem. Mobile device with openssl 0.9.8 can't connect to my server anymore after upgrading my server's openssl from 0.9.8o to 1.0.0d: SSL23_GET_SERVER_HELLO:reason(1112) How can I enable sslv2 in openssl 1.0.0d?
Additional info for my comment above: I cannot change the mobile device. But I found out, it can connect without problems to another server running Gentoo and OpenSSL 1.0.0c. I think, Apache on that server and on my server (OpenSSL 1.0.0d) seem to be identical configured regarding SSL according to http://serversniff.net/. The mobile device can connect to my server, when I use curl -3.
