SSL and TCP/HTTP Bugs in Fedora Core 6 and 8

Duncan Berriman duncan at
Fri Nov 23 21:03:33 UTC 2007


First posting so please excuse any mistakes.

I have two problems which I can reproduce on Fedora Core 6 (which is where I
first found them) and in Fedora Core 8. I have tested these two issues on
Fedora Core 2 and 4 and the problems do not exist.

One relates to using SSL. The site being connected to has a TLSv1 and SSLV3
SSL Certificate, however as of Fedora Core 6 onwards if SSLv2 is disabled an
SSL connection can not be negotiated.

openssl s_client -no_ssl2 -connect
2159:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake

On Fedora Core 4 it works fine and wither a TLSv1 or SSLv3 connection can be

New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1195851233
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

The other problem is more perplexing.

If a TCP/IP connection is made to a certain public web server then the
transfer rate on Fedora Core 6 onwards is in the region of 100B/S (bytes per
second). On Fedora Core 2 and Fedora Core 4 the speed is in the region of
300KB/s (Kbytes per second).

           => `index.html.1'
Connecting to connected.
HTTP request sent, awaiting response... 200 OKLength: unspecified

    [                <=>                  ] 11,042       149.60B/s

Again on any other FC4 it works fine.

           => `index.html.1'
Connecting to connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [ <=>                                 ] 38,085       231.38K/s

20:57:37 (230.42 KB/s) - `index.html.1' saved [38085]

Both these problems were encounted on a live server at a data centre running
Fedora Core 6. I then did a fresh install on another machine at the office
of FC6 and reproduced both problems. I then did a fresh install of FC8 on
the same machine and again managed to reproduce them straight away.

In both cases the 'faulty' systems can happily connect to any other SSL host
or download from any other web site using WGET quite happily. It seems in
both cases it seems to be an interaction with the particular site that does
not manifest itself under FC2 or FC4.

PS. There is also a bug in WGET as can be seen above, whilse the transfer is
in place it says K/s, at the end it correctly says KB/s.

I've blanked out the servers being connected to as they are customer systems
but I'm happy to do some debugging ot provide the info if required to solve
the issue off list.

Thanks in advance

More information about the fedora-list mailing list