[EMAIL PROTECTED] writes: > I can talk to sw40.pacbell.com via netscape and IE5 (https://sw40.pacbell.com/) > but not via LWP::request, nor, Net::SSLeay (probably for the same reason). > > Does this error indicate something is wrong on their server, or something > is wrong in Net::SSLeay? > please help! I cant find any way round this.. > > SSL_connect 30470: 1 - error:1408D06E:SSL routines:SSL3_GET_KEY_EXCHANGE:bad dh p >length > ok 9 sw40.pacbell.com () >From error message I'd judge that its trying to use Diffie Hellman based authentication instead of RSA. That would be pretty exotic in deed and although this in theory should work with OpenSSL, I wouldn't be surprised if it does not work in real life. If they really are using DH, you should inform OpenSSL development team so they can test interoperability against it. At any rate I made following experiments perl -MNet::SSLeay -MData::Dumper -e '$Net::SSLeay::ssl_version=2; print Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")' This fails with ssl handshake failure error code. perl -MNet::SSLeay -MData::Dumper -e '$Net::SSLeay::ssl_version=3; print Dumper Net::SSLeay::get_https("sw40.pacbell.com", 443, "/")' This works to the extent that the server sends a forbidden response, so perhaps its once again the OpenSSL SSL version detection heuristic being incompatible with some servers (SilverStream Server/3.0 in this case). --Sampo > > thanks a lot! > -Justin > > -- > Justin Beech, owner, http://www.dslreports.com, the best dsl directory! > Ph: 1 212 706 9129 (ah), or 1 917 749 8968 (anytime). Email: [EMAIL PROTECTED] > See http://www.dslreports.com/r3/dsl/contacts for more contact info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
