On Thu, Dec 28, 2000 at 03:46:15PM -0500, Louis LeBlanc wrote:
> Hey all.  I am trying to determine in my client app if a handshake fails 
> because the client and server are not supporting any common ciphers.
,..
> which is gleaned from studying docs and sample code.  When we test 
> it with s_server using no common cipher suites, it returns the following:
> 
> error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake 
> failure
> 
> This is, of course, only when we have a cipher mismatch - we haven't gotten 
> this message in any other scenario.  Is there any way to get the specific 
> message from the OpenSSL library? Or does this specific case encompass 
> multiple scenarios?  If the latter is true, is there some way we can narrow 
> down this case?

I have had another look into the TLS standard (RFC2246) before answering.
There is no possibility for the _client_ to get any more information than
that. The _server_ should know better and log more specific information.
It, however, has to send an alert to the client as specified in the RFC,
and only certain types of information are listed there (please check
section A.3). Handshake failure is the only appropriate type of alert
to be sent, and it does not allow more specific information.
As it seems to me, it is not possible from the client side to get
the information you want: whether a "handshake failure" was issued because
of "no shared cipher" or for some other reason.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
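
Added example (not part of the original message and not OpenSSL's own code): the error code in the quoted line can at least be classified on the client as "alert received from the peer" versus a locally detected failure. It assumes the error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason, with a received alert reported as 1000 plus its description); the helper names are hypothetical and the alert names are those of RFC 2246, section A.3.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout (OpenSSL before 3.0): lib (8 bits) | func (12) | reason (12). */
#define LIB_SSL             20    /* value of ERR_LIB_SSL */
#define ALERT_REASON_OFFSET 1000  /* value of SSL_AD_REASON_OFFSET */

/* Alert descriptions defined in RFC 2246, section A.3. */
static const struct { int desc; const char *name; } alerts[] = {
    {0, "close_notify"}, {10, "unexpected_message"}, {20, "bad_record_mac"},
    {21, "decryption_failed"}, {22, "record_overflow"},
    {30, "decompression_failure"}, {40, "handshake_failure"},
    {42, "bad_certificate"}, {43, "unsupported_certificate"},
    {44, "certificate_revoked"}, {45, "certificate_expired"},
    {46, "certificate_unknown"}, {47, "illegal_parameter"},
    {48, "unknown_ca"}, {49, "access_denied"}, {50, "decode_error"},
    {51, "decrypt_error"}, {60, "export_restriction"},
    {70, "protocol_version"}, {71, "insufficient_security"},
    {80, "internal_error"}, {90, "user_canceled"}, {100, "no_renegotiation"},
};

/* Hypothetical helper: name of an alert description, or "unknown". */
const char *alert_name(int desc) {
    for (size_t i = 0; i < sizeof(alerts) / sizeof(alerts[0]); i++)
        if (alerts[i].desc == desc)
            return alerts[i].name;
    return "unknown";
}

/* Hypothetical helper: alert description (0..255) if the packed error code
 * records an alert sent by the peer, -1 if the error was detected locally. */
int peer_alert_from_error(unsigned long code) {
    unsigned long lib = (code >> 24) & 0xff, reason = code & 0xfff;
    if (lib != LIB_SSL || reason < ALERT_REASON_OFFSET
        || reason - ALERT_REASON_OFFSET > 255)
        return -1;
    return (int)(reason - ALERT_REASON_OFFSET);
}

int main(void) {
    /* 0x14077410 is the code from the post; 0x140770FC is a constructed
     * sample with the same lib/func and a reason below the alert offset. */
    unsigned long samples[] = { 0x14077410UL, 0x140770FCUL };
    for (size_t i = 0; i < 2; i++) {
        int d = peer_alert_from_error(samples[i]);
        if (d >= 0) printf("%08lX: peer alert %d (%s)\n", samples[i], d, alert_name(d));
        else        printf("%08lX: detected locally, no peer alert\n", samples[i]);
    }
    return 0;
}
```

The description byte is all the alert carries, so the reason behind a handshake_failure still has to come from the server's log.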