On Mon, Dec 04, 2000 at 04:34:52PM -0800, Jeffrey Ricks wrote:
[...]
> If I use my java client with the DES-CBC3-SHA cipher, everything works
> fine. It's when I use that cipher with any openssl-based apps
> (including s_client) that things don't work. If I run this:
>
> openssl s_client -connect myserver:443 -cert /tmp/s_client.crt -key
> /tmp/s_client.key -CAfile /tmp/s_clientCA.crt -tls1 -cipher
> DES-CBC3-SHA -state
>
> I get the following output:
> .
> .
> .
> GET /servlets/TestServlet HTTP/1.0 (I type this)
>
> SSL_connect:SSL renegotiate ciphers
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL3 alert write:fatal:illegal parameter
> SSL_connect:error in SSLv3 read server key exchange A
> 27309:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
> size:s3_both.c:302:
>
> and the following shows up in my ssl_request_log:
>
> [04/Dec/2000:18:55:07 -0500] ipaddress TLSv1 (NONE) "GET
> /servlets/TestServlet HTTP/1.0" 289
>
> Notice the missing (NONE) cipher suite.
[...]
> [..] The DES-CBC3-SHA cipher only works if client authentication is off.
What happens if you connect to s_server instead, using options
similar to that server's configuration?
--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]