From: "shugo (Shugo Maeda)"
Date: 2012-12-13T17:58:05+09:00
Subject: [ruby-dev:46735] [ruby-trunk - Bug #7197] Error: test_tls_v1_2(OpenSSL::TestSSL)

Issue #7197 has been updated by shugo (Shugo Maeda).

zzak (Zachary Scott) wrote:
> fwiw, I still get this on trunk with ubuntu 12.10
>
> uname -a:
> Linux ux31a 3.5.0-18-generic #29-Ubuntu SMP Fri Oct 19 10:26:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

I've investigated the problem, and found the following description in changelog.Debian.gz:

  openssl (1.0.1-4ubuntu1) precise; urgency=low
  ...
    - Experimental workaround to large client hello issue: if
      OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only.
    - Compile with -DOPENSSL_NO_TLS1_2_CLIENT.

With OPENSSL_NO_TLS1_2_CLIENT, TLS 1.2 support is disabled in the SSLv23 method, which is the default method.

ssl/s23_clnt.c:

  #ifndef OPENSSL_NO_TLS1_2_CLIENT
      if (!(s->options & SSL_OP_NO_TLSv1_2))
          {
          version = TLS1_2_VERSION;
          }
      else
  #endif

OPENSSL_NO_TLS1_2_CLIENT is still set in 1.0.1-4ubuntu5.5, so test_tls_v1_2 fails.

I've found that test_tls_v1_2 passes using the TLSv1_2_client method explicitly, even if OPENSSL_NO_TLS1_2_CLIENT is set.

--- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb 
@@ -465,7 +465,9 @@ if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1_2 def test_tls_v1_2 start_server_version(:TLSv1_2) { |server, port| - server_connect(port) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version) } + ctx = OpenSSL::SSL::SSLContext.new + ctx.ssl_version = :TLSv1_2_client + server_connect(port, ctx) { |ssl| assert_equal("TLSv1.2", ssl.ssl_version ) } } end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10001000

But, I think this ticket can be just closed as a third party's issue.

----------------------------------------
Bug #7197: Error: test_tls_v1_2(OpenSSL::TestSSL)
https://bugs.ruby-lang.org/issues/7197#change-34697

Author: znz (Kazuhiro NISHIYAMA)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-10-20 trunk 37273) [x86_64-linux]

The following error occurs in an Ubuntu 12.04.1 LTS 64-bit environment.

  2) Error:
  test_tls_v1_2(OpenSSL::TestSSL):
  OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
      .../test/openssl/test_ssl.rb:607:in `connect'
      .../test/openssl/test_ssl.rb:607:in `server_connect'
      .../test/openssl/test_ssl.rb:468:in `block in test_tls_v1_2'
      .../test/openssl/utils.rb:293:in `call'
      .../test/openssl/utils.rb:293:in `start_server'
      .../test/openssl/test_ssl.rb:593:in `start_server_version'
      .../test/openssl/test_ssl.rb:467:in `test_tls_v1_2'

The OpenSSL version is as follows.

  % openssl version
  OpenSSL 1.0.1 14 Mar 2012
  % dpkg -l openssl | grep '^ii'
  ii  openssl  1.0.1-4ubuntu5.5  Secure Socket Layer (SSL) binary and related cryptographic tools
  %

--
http://bugs.ruby-lang.org/
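
Review bot: in the test/openssl/test_ssl.rb hunk, the added `ctx.ssl_version = :TLSv1_2_client` line removes the coverage that the deleted `server_connect(port)` call provided, namely that a client using the default context negotiates TLS 1.2 with a TLSv1_2 server. With the client pinned, test_tls_v1_2 also passes against a library whose default client does not offer TLS 1.2, so that condition is no longer reported by the suite. Consider keeping the default-context assertion and putting the pinned client in a separate test, or skipping with an explicit message when the default client cannot negotiate TLS 1.2. The surrounding guard checks `METHODS.include? :TLSv1_2`, while the new code depends on `:TLSv1_2_client`, so the guard should cover that symbol too. Minor style point: the added line has a stray space in `ssl.ssl_version ) }`.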