# SSLv3 issues with XChat onFreeBSD 8



## KernelPanic (Dec 30, 2009)

I get the following error when attempting to connect to an SSL secured irc server:


```
Connection failed. Error: (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
```

A brief scan with Google indicated that this is being caused by versions of OpenSSL greater than 0.9.8g that embrace the new SSLv3 extensions. FreeBSD 8 has OpenSSL 0.9.8k

Anyone know of a workaround? Otherwise I'll be submitting a PR.


----------



## KernelPanic (Jun 30, 2010)

*Answering my own question...*

It has something to do with clients, in this case XChat2, not understanding SSLv3 extensions. I found some code to get around it:


```
--- t1_lib.c.orig       2010-01-08 10:45:43.000000000 -0700
+++ t1_lib.c    2010-06-01 11:20:35.000000000 -0600
@@ -133,6 +133,10 @@
        int extdatalen=0;
        unsigned char *ret = p;
 
+       /* don't add extensions for SSLv3 */
+       if (s->client_version == SSL3_VERSION)
+               return p;
+   
        ret+=2;
 
        if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -251,6 +255,11 @@
        int extdatalen=0;
        unsigned char *ret = p;
 
+       /* don't add extensions for SSLv3 */
+       if (s->version == SSL3_VERSION)
+               return p;
+       
+
        ret+=2;
        if (ret>=limit) return NULL; /* this really never occurs, but ... */
```

YMMV.


----------

