SSLv3 issues with XChat onFreeBSD 8

K

KernelPanic

I get the following error when attempting to connect to an SSL secured irc server:

Code: 
Connection failed. Error: (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

A brief scan with Google indicated that this is being caused by versions of OpenSSL greater than 0.9.8g that embrace the new SSLv3 extensions. FreeBSD 8 has OpenSSL 0.9.8k

Anyone know of a workaround? Otherwise I'll be submitting a PR.
 
Answering my own question...

It has something to do with clients, in this case XChat2, not understanding SSLv3 extensions. I found some code to get around it:

Code: 
--- t1_lib.c.orig       2010-01-08 10:45:43.000000000 -0700
+++ t1_lib.c    2010-06-01 11:20:35.000000000 -0600
@@ -133,6 +133,10 @@
        int extdatalen=0;
        unsigned char *ret = p;
 
+       /* don't add extensions for SSLv3 */
+       if (s->client_version == SSL3_VERSION)
+               return p;
+   
        ret+=2;
 
        if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -251,6 +255,11 @@
        int extdatalen=0;
        unsigned char *ret = p;
 
+       /* don't add extensions for SSLv3 */
+       if (s->version == SSL3_VERSION)
+               return p;
+       
+
        ret+=2;
        if (ret>=limit) return NULL; /* this really never occurs, but ... */

YMMV.
 
You must log in or register to reply here.
Back
Top