1797256 – spectool suddenly reporting sslv3 alert handshake failure

Bug 1797256 - spectool suddenly reporting sslv3 alert handshake failure

Summary: spectool suddenly reporting sslv3 alert handshake failure

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpmdevtools
Sub Component:
Version:	30
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Neal Gompa
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-02-01 22:08 UTC by John Pilkington
Modified:	2020-02-07 09:45 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-02-07 09:45:14 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
report with the --insecure tag commented out (6.27 KB, text/plain) 2020-02-01 22:08 UTC, John Pilkington	no flags	Details
--verbose report with 'active' --insecure tag (6.09 KB, text/plain) 2020-02-01 22:10 UTC, John Pilkington	no flags	Details
another attempt, using --verbose --tlsv1.2 --ciphers ecdhe_rsa_aes_128_gcm_sha_256 (6.45 KB, text/plain) 2020-02-03 14:23 UTC, John Pilkington	no flags	Details
View All

Description John Pilkington 2020-02-01 22:08:02 UTC

Created attachment 1657057 [details]
report with the --insecure tag commented out

Description of problem: spectool with --insecure curlrc fails after 20200130-ish updates


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.run build script using spectool to access github

2.
3.

Actual results: handshake failure 


Expected results: gain insecure access


Additional info:Attachments show --verbose reports with and without the curlrc --insecure setting.

Comment 1 John Pilkington 2020-02-01 22:10:58 UTC

Created attachment 1657058 [details]
--verbose report with 'active' --insecure tag

Comment 2 John Pilkington 2020-02-01 22:26:17 UTC

https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/thread/53S6O5AGG2W7JHQ5QSECUSZ6V6I6CBNV/

Comment 3 John Pilkington 2020-02-02 13:12:05 UTC

I have tried putting '--sslv3 --verbose' or '--sslv2 --verbose' into curlrc:

curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

curl: (4) OpenSSL was built without SSLv2 support

Comment 4 John Pilkington 2020-02-03 14:23:42 UTC

Created attachment 1657355 [details]
another attempt, using --verbose --tlsv1.2 --ciphers ecdhe_rsa_aes_128_gcm_sha_256

Comment 5 John Pilkington 2020-02-04 11:44:36 UTC

http://lists.mythtv.org/pipermail/mythtv-dev/2020-February/078214.html

reports that it works from Australia     Connected to codeload.github.com (3.105.64.153) port 443 (#1)

but from the UK the handshakes fail at   Connected to codeload.github.com (81.130.111.239) port 443 (#1)  

with any of the cypher or security options I have tried.

Browsers object to both addresses.

Comment 6 John Pilkington 2020-02-04 16:48:47 UTC

'whois' showed the connection was to the BT internet service, not to github.  I power-cycled the BT Hub and downloading is going ahead.  Sorry for the noise.

Note You need to log in before you can comment on or make changes to this bug.