Description of problem:
If running a web server that only supports TLSv1.1 and TLSv1.2 (i.e. no TLSv1 or lower), wget fails to connect. When running "wget https://example.org/" (where example.org only supports TLSv1.1 and TLSv1.2), wget fails with the message "Unable to establish SSL connection." If you add "--secure-protocol=TLSv1_1" or "--secure-protocol=TLSv1_2", it works as it should. "--secure-protocol=auto" also fails.
Version-Release number of selected component (if applicable):
wget-1.16-3.fc20.x86_64
How reproducible:
Every time.
Steps to Reproduce:
1. Set up a web server that only supports TLSv1.1 and/or TLSv1.2.
2. Attempt to connect to it using wget.
3. Witness the error message.
Actual results:
"Unable to establish SSL connection."
Expected results:
Connection successful.
Additional info:
You can set up a server like this easily by using openssl s_server with the arguments "-no_ssl2 -no_ssl3 -no_tls1".
This is probably related: in F21 if one sets Crypto Policy (https://fedoraproject.org/wiki/Changes/CryptoPolicy) to "FUTURE" then wget fails with the same message. For example:
wget https://www.torproject.org/dist/torbrowser/4.0.2/tor-browser-linux64-4.0.2_en-US.tar.xz.asc
results in:
OpenSSL: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
Unable to establish SSL connection.
(In reply to Štefan Gurský from comment #1)
> This is probably related: in F21 if one sets Crypto Policy
> (https://fedoraproject.org/wiki/Changes/CryptoPolicy) to "FUTURE" then wget
> fails with the same message. For example:
>
> wget https://www.torproject.org/dist/torbrowser/4.0.2/tor-browser-linux64-4.0.2_en-US.tar.xz.asc
>
> results in:
>
> OpenSSL: error:140830B5:SSL routines:SSL3_CLIENT_HELLO:no ciphers available
> Unable to establish SSL connection.
I don't think this is the case, since the bug is reported against F20 and the Crypto Policy Feature is aimed at F21. There seems to be a regression in 1.16 regarding OpenSSL. It is already being discussed on the upstream mailing list. Once they agree on the fix, I'll look at it in Fedora.
wget-1.16.1-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/wget-1.16.1-1.fc21
wget-1.16.1-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/wget-1.16.1-1.fc20
wget-1.16.1-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/wget-1.16.1-1.fc19
Package wget-1.16.1-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wget-1.16.1-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16811/wget-1.16.1-1.fc19
then log in and leave karma (feedback).
wget-1.16.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
wget-1.16.1-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/wget-1.16.1-2.fc20
wget-1.16.1-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
wget-1.16.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.