Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#5905 closed defect (fixed)

TLSv1.2 negotiation fails with OpenSSL

Reported by: lachs0r Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: openssl tls
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
When built with OpenSSL, FFmpeg is unable to negotiate a TLSv1.2 session with servers that use certain cipher suites. I haven’t narrowed it down to anything in particular, but 0x0.st uses ECDHE with ECDSA rather than RSA.

Other software that uses OpenSSL works fine.

How to reproduce:

% ffprobe https://0x0.st/-k.txt
ffprobe version N-82095-g5867234 Copyright (c) 2007-2016 the FFmpeg developers
  built with gcc 6 (SUSE Linux)
  configuration: --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64 --enable-gpl --enable-nonfree --disable-stripping --enable-shared --disable-static --enable-postproc --enable-libvorbis --enable-libx264 --enable-libssh --enable-libmp3lame --enable-libopus --enable-libvpx --enable-openssl --enable-libxvid --disable-librtmp --enable-libmodplug --enable-ladspa --enable-libopenjpeg --enable-libass --enable-libzimg --enable-libgme --enable-librubberband --enable-libfreetype --enable-libfontconfig --enable-netcdf
  libavutil      55. 33.100 / 55. 33.100
  libavcodec     57. 63.103 / 57. 63.103
  libavformat    57. 53.100 / 57. 53.100
  libavdevice    57.  0.103 / 57.  0.103
  libavfilter     6. 64.100 /  6. 64.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  2.100 /  2.  2.100
  libpostproc    54.  0.100 / 54.  0.100
[tls @ 0x796d40] Unable to negotiate TLS/SSL session
https://0x0.st/-k.txt: Input/output error

Change History (2)

comment:1 Changed 2 years ago by cehoyos

  • Keywords ssl removed
  • Reproduced by developer set
  • Status changed from new to open

comment:2 Changed 2 years ago by jkqxz

  • Resolution set to fixed
  • Status changed from open to closed
Last edited 2 years ago by cehoyos (previous) (diff)
Note: See TracTickets for help on using tickets.