| Summary: | net-libs/neon with >=dev-libs/openssl-1.0.1 - net-fs/davfs2 and net-misc/cadaver fail to connect to a blackboard LMS | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Bill Kenworthy <bill> |
| Component: | Current packages | Assignee: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | normal | CC: | jsmolic, jstein, mgorny |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Bill Kenworthy
2013-02-10 00:34:07 UTC
Do they work when you compile net-libs/neon with USE="gnutls -ssl"?

Yes, that was the original configuration ... I can't find the original Red Hat post that tipped me off to the cause but it actually suggested moving from gnutls to openssl and forcing sslv3 (which can't be done with neon as far as I can see). It was at this point I discovered a machine that had not been upgraded worked with the older openssl so moved my desktop to openssl which didn't work either whereupon I found the version differences.

The blackboard LMS systems are notorious as being particularly "difficult" for users/admins to deal with but I am not sure if it's a standards problem, or just "one of those things" - Google shows "unknown protocol" can be caused by client or server.

using:
openssl s_client -host lms.murdoch.edu.au -port 443
connects to the server and lists the config details. There is a "Verify return code: 20 (unable to get local issuer certificate)" but as Firefox connects ok I don't think that's a real problem.

Wireshark shows Firefox using tlsv1, and neon starting and failing the protocol negotiation.

BillK

Whoops, typo. The first sentence should read "No, it did not work"; gnutls was the original configuration. It did work some several months ago, but there have been many upgrades both ends since then.

This issue likely has the same cause as https://bugs.gentoo.org/show_bug.cgi?id=462348. OpenSSL 1.0.1 tries to use TLS v1.1 or 1.2 for client connections and can't fall back to TLS v1.0. There is a long discussion of this same issue here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371

Ubuntu applied a patch to disable TLS v1.1 and 1.2 for client connections. Is there some way to tell neon to use a TLS v1.0 connection, rather than leaving the negotiation up to openssl? If so, that may be another way to work around this issue.

Is this still a problem?
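The thread above turns on which protocol version the client offers when the negotiation fails. As an added example (not part of the bug report or of neon/OpenSSL), this Python sketch decodes the ClientHello bytes exported from a capture and reports the record-layer version, the offered version, and the extensions present. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Protocol version codes as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(data: bytes) -> dict:
    """Decode one TLS record holding a complete ClientHello."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    rec_ver, rec_len = struct.unpack("!HH", data[1:5])
    hs_len = int.from_bytes(data[6:9], "big")
    hello = data[9:9 + hs_len]
    if rec_len < hs_len + 4 or len(hello) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("truncated ClientHello")
        pos += n
        return hello[pos - n:pos]

    client_ver = int.from_bytes(take(2), "big")
    take(32)                                    # client random
    take(take(1)[0])                            # session id
    suites = take(int.from_bytes(take(2), "big"))
    take(take(1)[0])                            # compression methods
    extensions = []
    if pos < len(hello):                        # extensions block is optional
        ext_len = int.from_bytes(take(2), "big")
        ext_end = pos + ext_len
        while pos < ext_end:
            ext_type, ext_size = struct.unpack("!HH", take(4))
            take(ext_size)
            extensions.append(ext_type)
    name = lambda v: VERSIONS.get(v, hex(v))
    return {"record_version": name(rec_ver), "offered_version": name(client_ver),
            "cipher_suites": len(suites) // 2, "extensions": extensions}

def sample_hello(client_ver: int, extensions: bytes = b"") -> bytes:
    """Constructed ClientHello for illustration; not a capture from this bug."""
    hello = struct.pack("!H", client_ver) + bytes(32) + b"\x00"   # version, random, no session id
    hello += b"\x00\x04\x00\x2f\x00\x35" + b"\x01\x00"            # two suites, null compression
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(sample_hello(0x0303, b"\xff\x01\x00\x01\x00")))
    print(parse_client_hello(sample_hello(0x0301)))
```

Comparing the decoded hello from a working client with the one from the failing client shows whether the offered version or the extension list is what differs.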