Why application using openssl are failling after updating to Red Hat Enterprise Linux 6.5?

Solution Verified - Updated -

Issue

  • Application working fine with openssl-1.0.0 are failing after upgrade to openssl-1.0.1e(Red Hat Enterprise Linux 6.5)
  • With openssl-1.0.0
echo -e "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | openssl s_client -connect www.example.com:443 -ign_eof -cert test-abc.pem 

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3530 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 782600002796D26C833003ACB349924F9AD692733963A41117436F1B021B49AE
    Session-ID-ctx: 
    Master-Key: 77D3DFE114ACD4C11EDEB7468EA4B5F53FC356D64B6E579AB1031A02AD739E061D46291965FE3A2D8BC0496E7990830A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1389629521
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=jqofnfwcielnmv5mk3k0jled; path=/; HttpOnly
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 13 Jan 2014 16:12:00 GMT
Content-Length: 7053
  • With openssl-1.0.1e
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Testp-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=xxxxxxxx/L=Exton/O=est-IT corp/CN=*.example.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3523 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 31180000C6EE63B87127F24AD5053FF6EE4D5BDCB36D801BE6005B1FFDB9077F
    Session-ID-ctx: 
    Master-Key: 748B7CA21970B23626F51324DD908994723B0168B72F03D0FA5888B9D5C8CAC5E2FA5579844C6C8AA9563906D6DD0A7C
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1389621198
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=104p <---------------------------- 

Environment

  • Red Hat Enterprise Linux 6.5
  • openssl-1.0.1e

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In