Issue #7197 has been updated by shugo (Shugo Maeda).


zzak (Zachary Scott) wrote:
> fwiw, I still get this on trunk with ubuntu 12.10
> 
> uname -a:
> Linux ux31a 3.5.0-18-generic #29-Ubuntu SMP Fri Oct 19 10:26:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

I've investigated the problem, and found the following description in changelog.Debian.gz:

  openssl (1.0.1-4ubuntu1) precise; urgency=low
  ...
      - Experimental workaround to large client hello issue: if
        OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
        only.
      - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.

With OPENSSL_NO_TLS1_2_CLIENT, TLS 1.2 support is disabled in the SSLv23 method, which is the default method.

ssl/s23_clnt.c:

  #ifndef OPENSSL_NO_TLS1_2_CLIENT
          if (!(s->options & SSL_OP_NO_TLSv1_2))
                  {
                  version = TLS1_2_VERSION;
                  }
        else
  #endif

OPENSSL_NO_TLS1_2_CLIENT is still set in 1.0.1-4ubuntu5.5, so test_tls_v1_2 fails.

I've found that test_tls_v1_2 passes using the TLSv1_2_client method explicitly,
even if OPENSSL_NO_TLS1_2_CLIENT is set.

--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -465,7 +465,9 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2
 
   def test_tls_v1_2
     start_server_version(:TLSv1_2) { |server, port|
-      server_connect(port) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version) }
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ssl_version = :TLSv1_2_client
+      server_connect(port, ctx) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version
) }
     }
   end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10001000
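Review bot: with ctx.ssl_version = :TLSv1_2_client the test no longer checks that a default (SSLv23) client context can negotiate TLS 1.2, so a regression in default negotiation would pass unnoticed. Consider keeping the default-context assertion as a separate test that is skipped when the linked OpenSSL cannot offer TLS 1.2 from the default method. The enclosing guard checks METHODS.include? :TLSv1_2 only, while the new code depends on :TLSv1_2_client, so the guard should cover that symbol as well. The added server_connect line is also wrapped across two lines in this mail, so the patch will not apply as posted.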

But I think this ticket can just be closed as a third party's issue.

----------------------------------------
Bug #7197: Error: test_tls_v1_2(OpenSSL::TestSSL)
https://bugs.ruby-lang.org/issues/7197#change-34697

Author: znz (Kazuhiro NISHIYAMA)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-10-20 trunk 37273) [x86_64-linux]


Ubuntu 12.04.1 LTS 64-bit

  2) Error:
test_tls_v1_2(OpenSSL::TestSSL):
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
    .../test/openssl/test_ssl.rb:607:in `connect'
    .../test/openssl/test_ssl.rb:607:in `server_connect'
    .../test/openssl/test_ssl.rb:468:in `block in test_tls_v1_2'
    .../test/openssl/utils.rb:293:in `call'
    .../test/openssl/utils.rb:293:in `start_server'
    .../test/openssl/test_ssl.rb:593:in `start_server_version'
    .../test/openssl/test_ssl.rb:467:in `test_tls_v1_2'

OpenSSL

% openssl version
OpenSSL 1.0.1 14 Mar 2012
% dpkg -l openssl | grep '^ii'
ii  openssl                                   1.0.1-4ubuntu5.5                           Secure Socket Layer (SSL) binary and related cryptographic tools
%


-- 
http://bugs.ruby-lang.org/