Re: lib/46878: connection to some https site using openssl causes freeze
The following reply was made to PR lib/46878; it has been noted by GNATS.
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Subject: Re: lib/46878: connection to some https site using openssl causes freeze
Date: Wed, 3 Oct 2012 21:30:15 +0900
> I have tested with openssl-1.0.1-stable-SNAP-20121002.tar.gz
> (OpenSSL 1.0.1d-dev).
> And I cannot connect to the servers.
Actually the renegotiation fix in 1.0.1d is unrelated, i.e.
the following fix doesn't solve the "server hang" problem at all:
I'm afraid it means the server side problem can't be resolved
on the client side.
On the other hand, using -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50
on libssl build works around it, but it seems several people still
claim "it isn't a right fix."
It looks like Wine had the same problem and they fixed it
by disabling TLS 1.2 in their applications per Windows settings:
Then, I think at least site specific applications like nicovideo_dl
should be fixed by disabling TLS 1.2 in it as well.
It would also be worthwhile to make openssl have configurable
settings for equivalents of OPENSSL_MAX_TLS1_2_CIPHER_LENGTH and
OPENSSL_NO_TLS1_2_CLIENT in openssl.cnf as a long-term workaround,
rather than compile-time settings.