no SSL3 and TLS support for https://fedorahosted.org/
Remko van der Vossen
wich at yuugen.jp
Tue Aug 17 13:15:36 UTC 2010
Hello,
https://fedorahosted.org/releases/e/l/elfutils/0.148/elfutils-0.148.tar.bz2
does not seem to be working correctly; an attempt to download this using
wget gives:
> wget https://fedorahosted.org/releases/e/l/elfutils/0.148/elfutils-0.148.tar.bz2
--2010-08-17 15:07:29-- https://fedorahosted.org/releases/e/l/elfutils/0.148/elfutils-0.148.tar.bz2
Resolving fedorahosted.org (fedorahosted.org)... 66.135.52.17
Connecting to fedorahosted.org (fedorahosted.org)|66.135.52.17|:443... connected.
OpenSSL: error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet length
Unable to establish SSL connection.
When using SSLv2 explicitly it does work:
> wget --secure-protocol=SSLv2 https://fedorahosted.org/releases/e/l/elfutils/0.148/elfutils-0.148.tar.bz2
--2010-08-17 15:08:51-- https://fedorahosted.org/releases/e/l/elfutils/0.148/elfutils-0.148.tar.bz2
Resolving fedorahosted.org (fedorahosted.org)... 66.135.52.17
Connecting to fedorahosted.org (fedorahosted.org)|66.135.52.17|:443... connected.
HTTP request sent, awaiting response... 200 OK
However wget should automatically use SSLv2 if only v2 is supported,
from the manpage:
--secure-protocol=protocol
Choose the secure protocol to be used. Legal values are auto,
SSLv2, SSLv3, and TLSv1. If auto is used, the SSL library is
given the liberty of choosing the appropriate protocol
automatically, which is achieved by sending an SSLv2 greeting and
announcing support for SSLv3 and TLSv1. This is the default.
Specifying SSLv2, SSLv3, or TLSv1 forces the use of the
corresponding protocol. This is useful when talking to old and
buggy SSL server implementations that make it hard for OpenSSL to
choose the correct protocol version. Fortunately, such servers
are quite rare.
Is it a case of a misconfigured webserver or is an update of the
software in order?
Additionally, beside the versioned subdirectories, there are direct
links to the tarballs, however it seems that the permissions are not set
correctly for these:
> wget --secure-protocol=SSLv2 https://fedorahosted.org/releases/e/l/elfutils/elfutils-0.148.tar.bz2
--2010-08-17 15:13:20-- https://fedorahosted.org/releases/e/l/elfutils/elfutils-0.148.tar.bz2
Resolving fedorahosted.org (fedorahosted.org)... 66.135.52.17
Connecting to fedorahosted.org (fedorahosted.org)|66.135.52.17|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
Hope you are willing to look into these problems.
With kind regards,
Remko van der Vossen.
More information about the websites
mailing list