SSL and TCP/HTTP Bugs in Fedora Core 6 and 8

Duncan Berriman duncan at dcl.co.uk
Fri Nov 23 21:03:33 UTC 2007


Hi,

First posting so please excuse any mistakes.

I have two problems which I can reproduce on Fedora Core 6 (which is where I
first found them) and in Fedora Core 8. I have tested these two issues on
Fedora Core 2 and 4 and the problems do not exist.

One relates to using SSL. The site being connected to has a TLSv1 and SSLv3
SSL certificate; however, as of Fedora Core 6 onwards, if SSLv2 is disabled an
SSL connection cannot be negotiated.

openssl s_client -no_ssl2 -connect xxxxxx.xxxx.com:443
CONNECTED(00000003)
2159:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

On Fedora Core 4 it works fine and either a TLSv1 or SSLv3 connection can be
made.

New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 00152056A7A28668B4EB1451B8A2F6809C29A16858585858474743BD00006718
    Session-ID-ctx:
    Master-Key: 720DC5F3697624BF8C3BEA800AC9EB386B234BB759F9ACD338ADA9DDEBB0909FD693C0F32DD0A6D577D6CA18A6345C72
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1195851233
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

The other problem is more perplexing.

If a TCP/IP connection is made to a certain public web server then the
transfer rate on Fedora Core 6 onwards is in the region of 100B/S (bytes per
second). On Fedora Core 2 and Fedora Core 4 the speed is in the region of
300KB/s (Kbytes per second).

wget http://www.xxxxxxxxxxxxx.com/
--20:57:23--  http://www.xxxxxxxxxxxxx.com/
           => `index.html.1'
Resolving www.xxxxxxxxxxxxxxxx.com... 
Connecting to www.xxxxxxxxxxxxxxxxx.com:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [                <=>                  ] 11,042       149.60B/s

Again on any other FC4 it works fine.

wget http://www.xxxxxxxxxxxxx.com/
--20:57:23--  http://www.xxxxxxxxxxxxx.com/
           => `index.html.1'
Resolving www.xxxxxxxxxxxxxxxx.com... 
Connecting to www.xxxxxxxxxxxxxxxxx.com:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    [ <=>                                 ] 38,085       231.38K/s

20:57:37 (230.42 KB/s) - `index.html.1' saved [38085]

Both these problems were encountered on a live server at a data centre running
Fedora Core 6. I then did a fresh install on another machine at the office
of FC6 and reproduced both problems. I then did a fresh install of FC8 on
the same machine and again managed to reproduce them straight away.

In both cases the 'faulty' systems can happily connect to any other SSL host
or download from any other web site using WGET quite happily. In both cases
it seems to be an interaction with the particular site that does
not manifest itself under FC2 or FC4.

PS. There is also a bug in WGET as can be seen above: whilst the transfer is
in progress it says K/s, at the end it correctly says KB/s.

I've blanked out the servers being connected to as they are customer systems,
but I'm happy to do some debugging or provide the info if required to solve
the issue off list.

Thanks in advance
Duncan



