Bug 1268848
| Summary: | Reporting incorrect protocol version | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jan <japospis> |
| Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.8 | ||
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-10-05 13:28:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is not a version - it is a debugging message showing which state is SSL connection in. |
Description of problem: It was found via case with stunnel. Which writes in logs type of encryption protocol that he gets from openssl chipers. We can see there that even version of TLS is used logs shows SSLv3 Version-Release number of selected component (if applicable): How reproducible: openssl s_client -connect access.redhat.com:443 -tls1 -state 2>&1 | egrep '(SSL|TLS)v' Actual results: SSL_connect:SSLv3 write client hello A SSL_connect:SSLv3 read server hello A SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read server session ticket A SSL_connect:SSLv3 read finished A New, TLSv1/SSLv3, Cipher is AES256-SHA Protocol : TLSv1 Expected results: SSL_connect:TLSv1 write client hello A SSL_connect:TLSv1 read server hello A SSL_connect:TLSv1 read server certificate A SSL_connect:TLSv1 read server done A SSL_connect:TLSv1 write client key exchange A SSL_connect:TLSv1 write change cipher spec A SSL_connect:TLSv1 write finished A SSL_connect:TLSv1 flush data SSL_connect:TLSv1 read server session ticket A SSL_connect:TLSv1 read finished A New, TLSv1/SSLv3, Cipher is AES256-SHA Protocol : TLSv1 Additional info: https://www.stunnel.org/pipermail/stunnel-users/2015-February/004943.html