Description of problem: An application linked against OpenSSL on RHEL 5 that makes a connection to a remote host, with the expectation of using SNI to specify the hostname, will experience a client-side disconnect which causes the connection to fail if the server responds that the hostname is not found/valid. The desired behavior is to have a warning generated because this scenario can occur normally if there is a proxy or similar device in between. The following URL has the details: http://comments.gmane.org/gmane.comp.encryption.openssl.devel/22621 Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Have an application connect to a remote host using https and issue a hostname via SNI that you know does not exist. 2. The connection will fail. Actual results: SSL3 alert read:warning:unknown SSL_connect:error in SSLv2/v3 read server hello A 7632:error:14077458:SSL Expected results: Ideally have it behave like OpenSSL 1.0: SSL3 alert read:warning:unrecognized name SSL3 alert write:warning:close notify Additional info: https://rt.openssl.org/Ticket/Display.html?id=3038&user=guest&pass=guest http://stackoverflow.com/questions/8619706/running-curl-with-openssl-0-9-8-against-openssl-1-0-0-server-causes-handshake-er
This Bugzilla has been reviewed by Red Hat and is not planned on being addressed in Red Hat Enterprise Linux 5, and therefore will be closed. If this bug is critical to production systems, please contact your Red Hat support representative and provide sufficient business justification. Issue is already fixed in RHEL-6/7.