On Sun, December 8, 2013 6:36 am, Gore, David W (David) wrote:
JC, are you implying the server is misconfigured and ssllabs would tell me why? Regardless, it's on the intranet and not publicly accessible not that it is a server in my realm of control anyway. We too just upgraded to RedHat 6.5 and I was thinking I could roll-back the SSL libraries to a previous release although that is less than appealing.
Well, sort of, yes :)
If a simple 'openssl s_client -connect my.ip.addr:443' hangs (as it did in our case, from any 6.5 or Fedora 19 box), then anything that's doing TLS handshaking the same way will have the same problems. xymonnet brought it to light, but as more and more clients start being more strict about TLS (and cipher lists) I wouldn't be surprised if more things break in the future.
Rolling back the openssl lib should (have) work(ed), but there's a bit of a difference in how RPM was tagging them in x86_64 builds and that would have required lots of other packages to be swapped out as well for us.
Also, FTR, it's not the RHEL bug indicated here: https://bugzilla.redhat.com/show_bug.cgi?id=1022468 We had the same problem with openssl-1.0.1e-15 and -16.
Regards,
-jc