On Mon, Dec 04, 2000 at 04:34:52PM -0800, Jeffrey Ricks wrote:
> GET /servlets/TestServlet HTTP/1.0 (I type this)
>
> SSL_connect:SSL renegotiate ciphers
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL3 alert write:fatal:illegal parameter
> SSL_connect:error in SSLv3 read server key exchange A
> 27309:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:s3_both.c:302:
Here there is a hard error and an alert (closing message) is sent to the
client.
> and the following shows up in my ssl_request_log:
>
> [04/Dec/2000:18:55:07 -0500] ipaddress TLSv1 (NONE) "GET /servlets/TestServlet HTTP/1.0" 289
>
> Notice the missing (NONE) cipher suite.
The handshake failed, so there is no connection established at all.
Hence there is no cipher :-)
Trying to reproduce your problem I just performed the following steps:
* openssl s_server -key ws01_key.pem -cert ws01_cert.pem -Verify 2 -CAfile CAcert.pem
* openssl s_client -key ws01_key.pem -cert ws01_cert.pem -connect localhost:4433 -cipher DES-CBC3-SHA -CAfile CAcert.pem
* Success with
    ---
    New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol : TLSv1
        Cipher : DES-CBC3-SHA
    ...
I am running OpenSSL 0.9.6, if that matters...
The keys and certificates are generated by OpenSSL (demoCA), standard setup
with one CA signing all keys, certificate purpose not restricted.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
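
Added example (not part of the original message, and not OpenSSL or mod_ssl code): a Python script that scans ssl_request_log entries in the layout quoted above and reports requests logged with the (NONE) cipher, which is what the log shows when the handshake failed and no cipher was in place. The sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Field order taken from the log line quoted in the message:
# [time] client protocol cipher "request" bytes
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\]\s+(?P<client>\S+)\s+(?P<protocol>\S+)\s+'
    r'(?P<cipher>\S+)\s+"(?P<request>[^"]*)"\s+(?P<size>\S+)$'
)

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
[04/Dec/2000:18:54:41 -0500] 192.0.2.10 TLSv1 DES-CBC3-SHA "GET /index.html HTTP/1.0" 1024
[04/Dec/2000:18:55:07 -0500] 192.0.2.10 TLSv1 (NONE) "GET /servlets/TestServlet HTTP/1.0" 289
[04/Dec/2000:18:56:12 -0500] 192.0.2.22 TLSv1 (NONE) "GET /servlets/TestServlet HTTP/1.0" 289
[04/Dec/2000:18:57:30 -0500] 192.0.2.22 SSLv3 RC4-MD5 "GET /servlets/TestServlet HTTP/1.0" -
this line is not a request log entry
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def failed_handshakes(log_text):
    """Return (entries logged with no cipher, number of unparsable lines)."""
    failed, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
        elif entry["cipher"] == "(NONE)":
            failed.append(entry)
    return failed, skipped

def failures_by_path(failed):
    """Count failures per requested path, to see whether they cluster on one URL."""
    counts = Counter()
    for e in failed:
        parts = e["request"].split()
        counts[parts[1] if len(parts) > 1 else e["request"]] += 1
    return counts

if __name__ == "__main__":
    failed, skipped = failed_handshakes(SAMPLE_LOG)
    for e in failed:
        print(e["time"], e["client"], e["protocol"], e["request"])
    print("failures by path:", dict(failures_by_path(failed)), "unparsed:", skipped)
```
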