Re: I've done something dumb?

Wed, 19 May 1999 07:31:43 -0700 

On Tue, May 18, 1999 at 05:45:52PM -0800, Michael wrote:
> apache 1.3.6 openssl 92b
> 
> everything seems to work. If I connect with a self signed test cert, 
> I get a dialog in the browser but when I get to the end it says
> "connection reset by peer". This occurs with all NS browsers, 
> MSIE does a similar thing
> 
> s_client tells me
> 
> # openssl s_client -connect localhost:443 -state -debug
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> write to 080F3FE0 [080F4038] (109 bytes => 109 (0x6D))
> 0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00   .k....B... .....
> 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15   ................
> 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01   ................
> 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00   .......@........
> 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 1e ac 51   ...............Q
> 0050 - 03 fa 7f ee 95 f1 f9 7a-07 ec e8 3e 93 52 b6 7d   .......z...>.R.}
> 0060 - 68 ba 6a 49 0e 21 4a 8d-fb 59 e0 12 c1            h.jI.!J..Y...
> SSL_connect:SSLv2/v3 write client hello A
> read from 080F3FE0 [080F9598] (7 bytes => 7 (0x7))
> 0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
> SSL_connect:error in SSLv2/v3 read server hello A
> 7459:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
>protocol:s23_clnt.c:463:

Sorry, I can only guess on the cause of your problem, but as a general hint
for debugging:
In the "read server hello A" you can see a cleartext "<!DOCTY". This is
obviously part of an HTML-page and not of a SSL handshake.
Are you sure that you do have an SSL-server on port 443? I would guess that
it is a normal "http" server, not "https". Please check your config-file.
Of course, the SSL protocol fails as soon as cleartext is mixed in and
the "connection reset" appears. I had some hard time with sslwrap learning
this, as s_client and s_server samples write debugging messages to stdout
and when called from inetd stdout is the SSL channel itself :-(.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to