10. April 2014

Debian Heartbleed openssl bug remains even after upgrade of openssl package

If you’re using Debian and you want to get rid of Hearbleed bug then it’s not sufficient to upgrade openssl package.

The really important package is libssl1.0.0:

apt-get install libssl1.0.0

It will restart all services which depends on this package.

19. February 2012

Tomcat 7 and curl – SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

There is very annoying bug in Open SSL 1.0 which affects curl. When you try to access Tomcat 7 with https with curl you’ll get fancy error:

curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

-k parameter is not working at all

You’re not able to invoke any request against Tomcat 7 with https in default configuration.

The solution is to restrict available ciphers in Tomcat’s https connector:

ciphers="SSL_RSA_WITH_RC4_128_SHA"

Restart Tomcat and curl will work.