Why application using openssl are failling after updating to Red Hat Enterprise Linux 6.5?

Solution Verified - Updated -

Issue

  • Application working fine with openssl-1.0.0 are failing after upgrade to openssl-1.0.1e(Red Hat Enterprise Linux 6.5)
  • With openssl-1.0.0
echo -e "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | openssl s_client -connect www.example.com:443 -ign_eof -cert test-abc.pem 

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3530 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 782600002796D26C833003ACB349924F9AD692733963A41117436F1B021B49AE
    Session-ID-ctx: 
    Master-Key: 77D3DFE114ACD4C11EDEB7468EA4B5F53FC356D64B6E579AB1031A02AD739E061D46291965FE3A2D8BC0496E7990830A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1389629521
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=jqofnfwcielnmv5mk3k0jled; path=/; HttpOnly
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 13 Jan 2014 16:12:00 GMT
Content-Length: 7053
  • With openssl-1.0.1e
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Testp-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=xxxxxxxx/L=Exton/O=est-IT corp/CN=*.example.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3523 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 31180000C6EE63B87127F24AD5053FF6EE4D5BDCB36D801BE6005B1FFDB9077F
    Session-ID-ctx: 
    Master-Key: 748B7CA21970B23626F51324DD908994723B0168B72F03D0FA5888B9D5C8CAC5E2FA5579844C6C8AA9563906D6DD0A7C
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1389621198
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=104p <----------------------------

Environment

  • Red Hat Enterprise Linux 6.5
  • openssl-1.0.1e

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content