Thanks. I noticed that I do have the following code in my server app.
-----------------------------------------------------
err = SSL_accept(ssl);
if (err==-1) {
    ERR_print_errors_fp(stderr);
    return err;
}
>>>>>>>> SSL_get_cipher(ssl) returns NONE;
At this point I issue SSL_get_peer_certificate() and I am able to read
the client's (or server's) certificate and print it.
-------------------------------------------------------------
I do have the same code for SSL_connect() on my client.
Does the SSL_accept/connect() function return error values other than -1?
I also noticed that after cipher=NONE, the SSL_read() call hangs in the
server.
-----Original Message-----
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 30, 2000 2:20 PM
To: [EMAIL PROTECTED]
Cc: mandyam
Subject: Re: Cipher negotiation failure
[moved to openssl-users]
On Wed, Aug 30, 2000 at 01:07:45PM -0500, mandyam wrote:
> I have a simple client-server app. performing both client and server
> authentication using the 9.5a toolkit. I am forcing the server to use
> DES-CBC3-SHA by calling
> SSL_set_cipher_list(ssl, "DES-CBC3-SHA").
>
> My client-server app. runs for a day and then suddenly fails to negotiate
> ciphers. SSL_get_cipher() returns NONE.
>
> Why does this happen? Why isn't the client using the only cipher the
> server wants to use?
Are you sure your analysis is correct? The SSL_get_cipher() call will return
NONE if the TLS handshake failed, so you may only see the symptom, not
the reason of your problem.
Please check the return values of your SSL_connect()/accept() calls
and check the error stack for error messages.
The OpenSSL library routines will always log an error message when something
is going wrong.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]