Xymon Mailing List Archive

TLSv1 support for https?

list Japheth Cleaver
Thu, 19 Dec 2013 05:27:36 -0800
Message-Id: <user-1e365474d49a@xymon.invalid>

On Sun, December 8, 2013 12:29 pm, Japheth Cleaver wrote:
On Sun, December 8, 2013 6:36 am, Gore, David W (David) wrote:
JC, are you implying the server is misconfigured and ssllabs would tell me
why?  Regardless, it's on the intranet and not publicly accessible not
that it is a server in my realm of control anyway.   We too just upgraded
to RedHat 6.5 and I was thinking I could roll-back the SSL libraries to a
previous release although that is less than appealing.

Well, sort of, yes :)

If a simple 'openssl s_client -connect my.ip.addr:443' hangs (as it did in
our case, from any 6.5 or Fedora 19 box), then anything that's doing TLS
handshaking the same way will have the same problems. xymonnet brought it
to light, but as more and more clients start being more strict about TLS
(and cipher lists) I wouldn't be surprised if more things break in the
future.

Rolling back the openssl lib should (have) work(ed), but there's a bit of
a difference in how RPM was tagging them in x86_64 builds and that would
have required lots of other packages to be swapped out as well for us.

Also, FTR, it's not the RHEL bug indicated here:
https://bugzilla.redhat.com/show_bug.cgi?id=1022468 We had the same
problem with openssl-1.0.1e-15 and -16.

For reference (assuming it was an F5 in the middle):

https://bugzilla.redhat.com/show_bug.cgi?id=1042908
https://www.imperialviolet.org/2013/10/07/f5update.html
http://www.ietf.org/mail-archive/web/tls/current/msg10423.html


HTH,

-jc
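
The check described in this message (an 'openssl s_client -connect' that hangs), as an added shell example that is not part of the original thread: it runs the handshake under a time limit with the default ClientHello, a TLSv1-only one and a single-cipher one, and separates a hang from a fast failure. TLS_TARGET, PROBE_TIMEOUT, the verdict names and the chosen cipher are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). TLS_TARGET and PROBE_TIMEOUT are
# hypothetical environment variables; set TLS_TARGET=host:port to run the probes.
PROBE_TIMEOUT=${PROBE_TIMEOUT:-10}

# Map the exit status of `timeout ... openssl s_client` to a verdict.
classify_rc() {
    case "$1" in
        0)   echo ok ;;     # handshake completed, session closed on EOF
        124) echo hang ;;   # timeout(1) had to kill s_client
        *)   echo fail ;;   # refused, reset, handshake alert, or tool missing
    esac
}

# probe host:port [extra s_client options...]
probe() {
    target=$1; shift
    rc=0
    timeout "$PROBE_TIMEOUT" openssl s_client -connect "$target" "$@" \
        </dev/null >/dev/null 2>&1 || rc=$?
    classify_rc "$rc"
}

# diagnose <default> <tls1-only> <single-cipher>
diagnose() {
    if [ "$1" = ok ]; then
        echo ok                 # default handshake works, nothing to chase
    elif [ "$1" = hang ] && { [ "$2" = ok ] || [ "$3" = ok ]; }; then
        echo hello-sensitive    # only some ClientHello variants get an answer
    elif [ "$1" = hang ] && [ "$2" = hang ] && [ "$3" = hang ]; then
        echo no-response        # nothing answers: filtering or a dead listener
    else
        echo inconclusive       # mixed fast failures, read s_client output by hand
    fi
}

if [ -n "${TLS_TARGET:-}" ]; then
    d=$(probe "$TLS_TARGET")
    t=$(probe "$TLS_TARGET" -tls1)
    c=$(probe "$TLS_TARGET" -cipher AES128-SHA)
    echo "default=$d tls1=$t single-cipher=$c => $(diagnose "$d" "$t" "$c")"
fi
```

A "hello-sensitive" result means the peer or a device in front of it stalls on the default ClientHello but answers a different one. Newer OpenSSL builds may refuse -tls1 locally, which shows up as "fail" for that probe.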