NetBSD-Bugs archive

Re: lib/46878: connection to some https site using openssl causes freeze

The following reply was made to PR lib/46878; it has been noted by GNATS.

From: Izumi Tsutsui <>
Subject: Re: lib/46878: connection to some https site using openssl causes freeze
Date: Wed, 3 Oct 2012 21:30:15 +0900

 ryoon@ wrote:
 > I have tested with openssl-1.0.1-stable-SNAP-20121002.tar.gz
 > (OpenSSL 1.0.1d-dev).
 > And I cannot connect to the servers.

 Actually the renegotiation fix in 1.0.1d is unrelated, i.e.
 the following fix doesn't solve the "server hang" problem at all:

 I'm afraid it means the server side problem can't be resolved
 by the client side.

 On the other hand, using -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50
 on libssl build works around it, but it seems several people still
 claim "it isn't a right fix."

 It looks like Wine had the same problem and they fixed it
 by disabling TLS 1.2 in their applications per Windows settings:

 Then, I think at least site specific applications like nicovideo_dl
 should be fixed by disabling TLS 1.2 in it as well.

 It would also be worthwhile to make openssl have configurable
 settings for equivalents of OPENSSL_MAX_TLS1_2_CIPHER_LENGTH and
 OPENSSL_NO_TLS1_2_CLIENT in openssl.cnf as a long-term workaround,
 rather than compile time settings.

 Izumi Tsutsui