Hi,

Just to clarify a bit, the application tests cipher suites. Basically, the
server is initialized with all ciphers then the client repeatedly connects
using one and only one of the ciphers and determines if the connection is
possible.

My debug info for both sides of the communication at the point of failure 
is: (note, this varies, sometimes early failure... sometimes late)

OpenSSL server:

...
[ openssl: transport
  thread: 1408
  state: accept
  details: before/accept initialization ]
[ openssl: transport
  thread: 1408
  state: accept
  details: SSLv3 read client hello A ]
[ openssl: transport
  thread: 1408
  state: accept
  details: SSLv3 write server hello A ]
[ openssl: transport
  thread: 1408
  state: accept
  details: SSLv3 write certificate A ]
[ openssl: transport
  thread: 1408
  state: accept
  details: SSLv3 write certificate request A ]
[ openssl: transport
  thread: 1408
  state: accept
  details: SSLv3 flush data ]
[ openssl: transport
  thread: 1456
  state: undefined
  alert: write fatal
  details: handshake failure ]
[ openssl: transport
  thread: 1408
  state: undefined
  alert: write fatal
  details: illegal parameter ]
[ openssl: transport
  thread: 1408
  state: accept
  error: SSLv3 read client certificate A ]
SSL_get_error() reports: 1
[ openssl: error queue (position 0)
  thread: 1408
  library: SSL routines
  function: SSL3_GET_MESSAGE (.\ssl\s3_both.c:418)
  reason: excessive message size ]

iSaSiLk client:

...
ssl_debug(8): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(8): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(8): Received v3 server_hello handshake message.
ssl_debug(8): Server selected SSL version 3.0.
ssl_debug(8): Server created new session BD:77:09:20:E8:58:22:E7...
ssl_debug(8): CipherSuite selected by server: SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(8): CompressionMethod selected by server: NULL
ssl_debug(8): Received certificate handshake message with server certificate.
ssl_debug(8): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(8): Received certificate_request handshake message.
ssl_debug(8): Accepted certificate types: RSA, DSA
ssl_debug(8): Accepted certificate authorities:
ssl_debug(8):   (empty list)
ssl_debug(8): Received server_hello_done handshake message.
ssl_debug(8): Sending certificate handshake message with RSA client certificate...
ssl_debug(8): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(8): Sending certificate_verify handshake message...
ssl_debug(8): Sending change_cipher_spec message...
ssl_debug(8): Sending finished message...
ssl_debug(8): Sending alert: Alert Fatal: decode error
ssl_debug(8): Exception sending message: java.net.SocketException: Connection reset by peer: socket write error
ssl_debug(8): Shutting down SSL layer...
ssl_debug(8): IOException while handshaking: Connection reset by peer: socket write error

On Tue, Jan 16, 2001 at 03:44:54PM -0330, Cory Winter wrote:
> Hi,
> 
> My threaded application fails during handshake when I use a C++ server and
> a Java client. The app doesn't always fail, just about 20% of the time. I
> have implemented the thread callbacks but this doesn't seem to help me any.
> 
> Is it possible to do reads and writes using the same ssl structure with 
> multiple threads? Suppose the situation where an application has multiple
> worker threads which do the reading and writing to and from an ssl structure.
> I have made the calls to SSL_accept and SSL_connect thread safe myself but 
> I'm wondering if this needs to be done for SSL_read and SSL_write as well.
> 
> Take care,
> Cory
> 
> -- 
> Cory Winter                          E-Mail: mailto:[EMAIL PROTECTED]
> Software Developer                   WWW: http://www.ooc.com/
> Object Oriented Concepts, Inc.       Phone: (709) 738-3725 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

-- 
Cory Winter                          E-Mail: mailto:[EMAIL PROTECTED]
Software Developer                   WWW: http://www.ooc.com/
Object Oriented Concepts, Inc.       Phone: (709) 738-3725 