On Wed, Dec 06, 2000 at 01:13:32PM -0800, Jeffrey Ricks wrote:
> openssl s_client -connect voodoo:443 -cert /tmp/s_client2.crt -key
> /tmp/s_client2.key -CAfile /tmp/s_clientCA.crt -tls1 -cipher
> DES-CBC3-SHA -state
> with client authentication off at the server, it works fine. If I turn
> client authentication on at the server, it doesn't work and fails with
> the following error:
> SSL_connect:SSLv3 read server certificate A
> SSL3 alert write:fatal:illegal parameter
> SSL_connect:error in SSLv3 read server key exchange A
> 7388:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
> size:s3_both.c:302:
> I've packaged up four log files (two from s_client and two from
> ssldump) that I haven't attached but that I'd like to send to you to
> see if you see anything out of the ordinary. If that would be ok,
> please let me know your address and preferred format.
I don't care for the format, attachment is OK. My address is in my
.signature. While trying to track this down, it may be necessary
to access your site, even with a client certificate you issued for me.
Heck, ssldump should already have deciphered the data transfer for
DES-CBC3-SHA with your server's private key. If not, either please
do so or hand me your server's private key :-) Of course, only if this is
a test setup without any important data or security implications....
In any case, you can find my PGP and S/MIME key on my homepages, so
that you can encrypt important data. I prefer PGP, as I can directly
use it with mutt, but I can fire up Netscape Messenger to unpack S/MIME, too.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]