Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#5905 closed defect (fixed)

TLSv1.2 negotiation fails with OpenSSL

Reported by: Martin Herkt Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: libopenssl tls
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
When built with OpenSSL, FFmpeg is unable to negotiate a TLSv1.2 session with servers that use certain cipher suites. I haven’t narrowed it down to anything in particular, but 0x0.st uses ECDHE with ECDSA rather than RSA.

Other software that uses OpenSSL works fine.

How to reproduce:

% ffprobe https://0x0.st/-k.txt
ffprobe version N-82095-g5867234 Copyright (c) 2007-2016 the FFmpeg developers
  built with gcc 6 (SUSE Linux)
  configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --enable-gpl --enable-nonfree --disable-stripping --enable-shared --disable-static --enable-postproc --enable-libvorbis --enable-libx264 --enable-libssh --enable-libmp3lame --enable-libopus --enable-libvpx --enable-openssl --enable-libxvid --disable-librtmp --enable-libmodplug --enable-ladspa --enable-libopenjpeg --enable-libass --enable-libzimg --enable-libgme --enable-librubberband --enable-libfreetype --enable-libfontconfig --enable-netcdf
  libavutil      55. 33.100 / 55. 33.100
  libavcodec     57. 63.103 / 57. 63.103
  libavformat    57. 53.100 / 57. 53.100
  libavdevice    57.  0.103 / 57.  0.103
  libavfilter     6. 64.100 /  6. 64.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  2.100 /  2.  2.100
  libpostproc    54.  0.100 / 54.  0.100
[tls @ 0x796d40] Unable to negotiate TLS/SSL session
https://0x0.st/-k.txt: Input/output error

Change History (3)

comment:1 by Carl Eugen Hoyos, 7 years ago

Keywords: ssl removed
Reproduced by developer: set
Status: newopen

comment:2 by jkqxz, 7 years ago

Resolution: fixed
Status: openclosed
Last edited 7 years ago by Carl Eugen Hoyos (previous) (diff)

comment:3 by Carl Eugen Hoyos, 4 years ago

Keywords: libopenssl added; openssl removed
Note: See TracTickets for help on using tickets.