12.16 build 1860 on x86_64, 3.2.0-4-amd64 Debian Linux does not support TLS 1.2 protocol
-
A Former User last edited by
I have multiple sites running with TLS 1.2 protocol support and various ciphers however Opera can not connect and repeatedly issues the false message :
Unable to complete secure transaction You tried to access the address https://node000.mysite.com/somepath/foo, which is currently unavailable. Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page. Secure connection: fatal error (70) from server. https://node000.mysite.com/somepath/foo Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions.
This is of course, completely false.
Within preferences I have all TLS versions enabled and SSL v3 disabled. I have all ciphers enabled. Still unable to connect. I have shut down Opera and retried. Still fails. Firefox of course works fine.
I can test and verify protocol support with openssl thus :
$ /usr/local/ssl/bin/openssl version
OpenSSL 1.0.1j 15 Oct 2014
$ /usr/local/ssl/bin/openssl s_client -state -tls1_2 -status -connect node000.mysite.com:443
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
OCSP response: no response sent
SSL_connect:SSLv3 read server hello A
<snip snip>
SSL handshake has read 1734 bytes and written 443 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 19E91F71ABDFBDCE5A2E1D523741B7FC3C1B40603B3E9CE82A1FA553B7ACFC7C
Session-ID-ctx:
etc etc etc.
Clearly this must be an Opera config issue. Is there some special way to enable TLS1.2 protocol support in Opera ?
Thank you in advance of course.
-
Deleted User last edited by
Did you activate TLS 1.1 and TLS 1.2 in Opera's settings Advanced -> Security -> Security Protocols... ?
There is an issue with SSL ciphers.
Opera does support TLS 1.2, but sadly only old ciphers!
It does not connect with (currently used) modern ECDHE and other ciphers.
And Opera 12 seems to have strange OCSP problems while checking the validity of certificates.
You can't fix this. And Opera ASA will not change the behaviour, as there exists a working Opera 26 for Linux.
Use Opera 26 or (sorry to say) another browser.
-
A Former User last edited by
Thank you for the reply.
I did enable all TLS versions in spite of the fact that only TLSv1.2 is offered by the web sites.
I am testing with Firefox thus :
USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Which works fine and I see this :
PORT: 443
PROTOCOL: HTTP/1.1
SERVERE: Apache/2.4.10 (Unix) PHP/5.4.36 OpenSSL/1.0.1j
SSL_CIPHER: ECDHE-RSA-AES128-GCM-SHA256
SSL_CIPHER_ALGKEYSIZE: 128
SSL_CIPHER_EXPORT: false
SSL_CIPHER_USEKEYSIZE: 128
SSL_PROTOCOL: TLSv1.2
SSL_SECURE_RENEG: true
SSL_SERVER_A_KEY: rsaEncryption
SSL_SERVER_A_SIG: sha256WithRSAEncryption
SSL_VERSION_INTERFACE: mod_ssl/2.4.10
SSL_VERSION_LIBRARY: OpenSSL/1.0.1j
Strangely Opera on my Android phone works fine however on my Linux workstation, not at all.
Hard to believe that Opera can not work with TLS1.2 and recent ciphers given all the problems in the past year. I don't know of any company in the financial or insurance industry that is still running SSLv3 on their core application stack.
I see a new release and will go try opera-stable_26.0.1656.60_amd64.deb
-
Deleted User last edited by
> Hard to believe that Opera can not work with TLS1.2 and recent ciphers given all the problems in the past year.
It works with TLSv1.2. But not with ECDHE ciphers.
> I don't know of any company in the financial or insurance industry that is still running SSLv3 on their core application stack.
That's wrong. SSLv3 is deactivated in Opera 12.16!
And Opera 12.16 runs TLSv1.2!
On my own site with TLS v1.2 256 bit AES (1024 bit DHE_RSA/SHA-256)