12.16 build 1860 on x86_64, 3.2.0-4-amd64 Debian Linux does not support TLS 1.2 protocol

  • I have multiple sites running with TLS 1.2 protocol support and various ciphers; however, Opera can not connect and repeatedly issues the false message:

    Unable to complete secure transaction
    
    You tried to access the address https://node000.mysite.com/somepath/foo, which is currently unavailable.
    Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page.
    
    Secure connection: fatal error (70) from server.
    
    https://node000.mysite.com/somepath/foo
    
    Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions.
    

    This is, of course, completely false.

    Within preferences I have all TLS versions enabled and SSL v3 disabled. I have all ciphers enabled. Still unable to connect. I have shut down Opera and retried. Still fails. Firefox of course works fine.

    I can test and verify protocol support with openssl thus:

    $ /usr/local/ssl/bin/openssl version
    OpenSSL 1.0.1j 15 Oct 2014

    $ /usr/local/ssl/bin/openssl s_client -state -tls1_2 -status -connect node000.mysite.com:443

    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv3 write client hello A
    OCSP response: no response sent
    SSL_connect:SSLv3 read server hello A
    <snip snip>
    SSL handshake has read 1734 bytes and written 443 bytes

    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 19E91F71ABDFBDCE5A2E1D523741B7FC3C1B40603B3E9CE82A1FA553B7ACFC7C
    Session-ID-ctx:

    etc etc etc.

    Clearly this must be an Opera config issue. Is there some special way to enable TLS 1.2 protocol support in Opera?

    Thank you in advance of course.

  • Did you activate TLS 1.1 and TLS 1.2 in Opera's settings Advanced -> Security -> Security Protocols...?

    There is an issue with SSL ciphers.
    Opera does support TLS 1.2, but sadly only old ciphers!
    It does not connect with (currently used) modern ECDHE and other ciphers.
    And Opera 12 seems to have strange OCSP problems while checking validity of certificates.

    You can't fix this. And Opera ASA will not change the behaviour, as there is a working Opera 26 for Linux.

    Use Opera 26 or (sorry to say) another browser.

  • Thank you for the reply.

    I did enable all TLS versions in spite of the fact that only TLSv1.2 is offered by the web sites.

    I am testing with Firefox thus:

    USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0

    Which works fine and I see this:

    PORT: 443
    PROTOCOL: HTTP/1.1
    SERVERE: Apache/2.4.10 (Unix) PHP/5.4.36 OpenSSL/1.0.1j
    SSL_CIPHER: ECDHE-RSA-AES128-GCM-SHA256
    SSL_CIPHER_ALGKEYSIZE: 128
    SSL_CIPHER_EXPORT: false
    SSL_CIPHER_USEKEYSIZE: 128
    SSL_PROTOCOL: TLSv1.2
    SSL_SECURE_RENEG: true
    SSL_SERVER_A_KEY: rsaEncryption
    SSL_SERVER_A_SIG: sha256WithRSAEncryption
    SSL_VERSION_INTERFACE: mod_ssl/2.4.10
    SSL_VERSION_LIBRARY: OpenSSL/1.0.1j

    Strangely, Opera on my Android phone works fine; however, on my Linux workstation, not at all.

    Hard to believe that Opera can not work with TLS1.2 and recent ciphers given all the problems in the past year. I don't know of any company in the financial or insurance industry that is still running SSLv3 on their core application stack.

    I see a new release and will go try opera-stable_26.0.1656.60_amd64.deb

  • > Hard to believe that Opera can not work with TLS1.2 and recent ciphers given all the problems in the past year.

    It works with TLSv1.2. But not with ECDHE ciphers.

    > I don't know of any company in the financial or insurance industry that is still running SSLv3 on their core application stack.

    That's wrong. SSLv3 is deactivated in Opera 12.16!
    And Opera 12.16 runs TLSv1.2!
    On my own site with TLS v1.2 256 bit AES (1024 bit DHE_RSA/SHA-256)
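
The mismatch discussed in this thread can be checked offline. This is an added example, not code posted by anyone in the thread. It parses `openssl s_client` output and tests whether a client without ECDHE shares any suite with a server list. The client's key-exchange set follows the reply above, and both server lists are constructed.

```python
import re

# Constructed sample, modelled on the s_client transcript in the first post.
S_CLIENT_OUTPUT = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

# Key-exchange prefixes in OpenSSL 1.0.x (non-export) suite names; a name with
# none of these prefixes (e.g. AES256-SHA) uses plain RSA key transport.
KX_PREFIXES = ("ECDHE", "ECDH", "DHE", "EDH", "AECDH", "ADH", "PSK", "SRP")

def parse_session(text):
    """Return (protocol, cipher) from the SSL-Session part of s_client output."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.M)
    if not (proto and cipher):
        raise ValueError("no completed handshake in s_client output")
    return proto.group(1), cipher.group(1)

def key_exchange(suite):
    """Classify an OpenSSL suite name by its key-exchange family."""
    head = suite.split("-", 1)[0]
    if head == "EDH":  # legacy OpenSSL spelling of DHE
        return "DHE"
    return head if head in KX_PREFIXES else "RSA"

def usable_suites(server_suites, client_kx):
    """Server suites, in server order, whose key exchange the client supports.
    Only the key-exchange family is compared, not the bulk cipher or MAC."""
    return [s for s in server_suites if key_exchange(s) in client_kx]

# Assumption taken from the reply above: the old client has no ECDHE support.
LEGACY_CLIENT_KX = {"DHE", "RSA"}
# Constructed server lists: the two ECDHE suites seen in this thread, then the
# same list with one DHE suite appended.
ECDHE_ONLY = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
WITH_DHE = ECDHE_ONLY + ["DHE-RSA-AES256-SHA256"]

if __name__ == "__main__":
    proto, cipher = parse_session(S_CLIENT_OUTPUT)
    print(proto, cipher, "key exchange:", key_exchange(cipher))
    print("ECDHE-only server:", usable_suites(ECDHE_ONLY, LEGACY_CLIENT_KX))
    print("with a DHE suite: ", usable_suites(WITH_DHE, LEGACY_CLIENT_KX))
```

An empty result for the ECDHE-only list means the two sides have no suite in common, so the handshake cannot complete even though both speak TLS 1.2.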
