The following reply was made to PR kern/155160; it has been noted by GNATS.

From: Hans Duedal <h...@onlinecity.dk>
To: bug-follo...@freebsd.org, h...@onlinecity.dk
Cc:  
Subject: Re: kern/155160: [aesni] AES-NI breaks OpenSSL client calls
Date: Wed, 2 Mar 2011 12:18:51 +0100

 Does not work:
 curl -v --ciphers AES256-SHA "https://twitter.com/"
 curl -v --ciphers AES256-SHA "https://encrypted.google.com/"
 
 Works:
 curl -v --ciphers AES128-SHA "https://twitter.com/"
 curl -v --ciphers AES128-SHA "https://encrypted.google.com/"
 curl -v --ciphers RC4-SHA "https://twitter.com/"
 curl -v --ciphers CAMELLIA128-SHA "https://oc.nimta.com/"
 curl -v --ciphers CAMELLIA256-SHA "https://oc.nimta.com/"
 
 The problem only affects the AES256 cipher and its variants
 (DHE-RSA-AES256-SHA & DHE-DSS-AES256-SHA). But openssl s_client still works
 with it:
 openssl s_client -ssl3 -cipher AES256-SHA -state -CAfile /usr/local/share/certs/ca-root-nss.crt -connect twitter.com:443
 