[MacPorts] #33715: openssl 1.0.1 breaks multiple ports
MacPorts
noreply at macports.org
Tue Mar 27 07:05:12 PDT 2012
#33715: openssl 1.0.1 breaks multiple ports
----------------------------------+-----------------------------------------
Reporter: pixilla@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.0.4
Keywords: | Port: openssl
----------------------------------+-----------------------------------------
Comment(by william@…):
Me Too™.
I find that when using libcurl to make requests to a server over https,
these requests succeed when using OpenSSLv1.0.0g but fail with 1.0.1. Note
that they also fail if I use the +gnutls variant of curl, which may
indicate that it is indeed a problem with the server rather than with
OpenSSL.
I expect the problem is with the length of the “client hello” being
greater than one byte, as mentioned in the openssl ticket above. If I
force TLSv1 (which curl allows me to do) my fetches work OK. I expect this
reduces the length of the “client hello” and that allows things to work.
So my feeling is that it is not necessary to roll OpenSSL back, rather to
request owners of broken servers to unbreak them, and otherwise to work
around the problem by specifying a single cipher using e.g. (for curl)
“curl_easy_setopt (_, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1)” and
equivalents for other packages.
--
Ticket URL: <https://trac.macports.org/ticket/33715#comment:22>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
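
One way to test the comment's hypothesis against a captured handshake is to read the length fields of the ClientHello and see whether they still fit in one byte. This is an added example, not code from the ticket or from MacPorts, OpenSSL or curl; the function names, the 255-byte threshold as the test, and the sample records (placeholder cipher-suite ids, filler extension bytes) are constructed assumptions.

```python
import struct

def build_client_hello(version, n_suites, extensions=b""):
    """Build a constructed ClientHello record (sample data, not a capture)."""
    suites = b"".join(struct.pack("!H", 0x0100 + i) for i in range(n_suites))
    body = struct.pack("!H", version) + bytes(32)      # client_version, random
    body += b"\x00"                                    # empty session_id
    body += struct.pack("!H", len(suites)) + suites    # placeholder suite ids
    body += b"\x01\x00"                                # null compression only
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def inspect_client_hello(record):
    """Parse one TLS record holding a ClientHello and report its lengths."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    record_len = struct.unpack("!H", record[3:5])[0]
    if record_len != len(record) - 5:
        raise ValueError("truncated or multi-record input")
    try:
        pos = 9
        version = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2 + 32                                  # skip version, random
        pos += 1 + record[pos]                         # skip session_id
        suites_len = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2 + suites_len
        pos += 1 + record[pos]                         # skip compression list
        ext_len = 0
        if pos < len(record):                          # extensions are optional
            ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello body")
    return {
        "client_version": hex(version),
        "record_len": record_len,
        "handshake_len": int.from_bytes(record[6:9], "big"),
        "cipher_suites": suites_len // 2,
        "extensions_len": ext_len,
        # Assumption from the comment: trouble starts once the length no
        # longer fits in a single byte.
        "needs_high_length_byte": record_len > 0xFF,
    }

SMALL = build_client_hello(0x0301, 20)                 # TLSv1-style hello
LARGE = build_client_hello(0x0303, 80, bytes(60))      # more suites + filler
```

Feeding it the first record of a real capture, taken with and without the forced TLSv1 setting, shows whether the workaround actually brings the hello back under the threshold.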