Lutz,
I grabbed ssldump and captured some output. Unfortunately, it doesn't
look like it has uncovered any secrets.
This is where I am now:
If I run:
openssl s_client -connect voodoo:443 -cert /tmp/s_client2.crt -key /tmp/s_client2.key -CAfile /tmp/s_clientCA.crt -tls1 -cipher EDH-RSA-DES-CBC3-SHA -state
with client authentication both off and on at the server, it works
fine.
If I run (note that I'm using the same certs/keys as above):
openssl s_client -connect voodoo:443 -cert /tmp/s_client2.crt -key /tmp/s_client2.key -CAfile /tmp/s_clientCA.crt -tls1 -cipher DES-CBC3-SHA -state
with client authentication off at the server, it works fine. If I turn
client authentication on at the server, it doesn't work and fails with
the following error:
.
.
.
SSL_connect:SSLv3 read server certificate A
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server key exchange A
7388:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:s3_both.c:302:
I've changed my server config to accept connections with all cipher
suites.
I've packaged up four log files (two from s_client and two from
ssldump) that I haven't attached but that I'd like to send to you to
see if you see anything out of the ordinary. If that would be ok,
please let me know your address and preferred format.
Thanks,
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]