I have a Web server written around OpenSSL. My own OpenSSL-based client
connects to my server just fine, and MSIE connects fine without SSL, but
when I try to use SSL from the browser (by specifying https://localhost/
<https://localhost/> as the URL Address), it won't negotiate a connection.
The browser will connect to the port, my server will accept the connection
and set up the SSL session, and when my server attempts to read the
browser's request, it hangs in SSL_read(), presumably because the browser
never sends anything. The browser, meanwhile, is just "spinning its globe"
to indicate communication, but nothing ever happens. It looks to me like
both my server and the browser are in a "read" state, so the thing is
deadlocked.
How is it supposed to work? My Web server is set up to be use the "Server"
mode of SSL (using SSL_set_accept_state and SSLv3_server_method()), and it's
trying to use anonymous SSL (DH, no certificates or private keys). The
cipher suite to use is specifically set via:
SSL_CTX_set_cipher_list (pctxSSLContext, "!DEFAULT:ADH-DES-CBC3-SHA");
Is this wrong? How should my server be set up to let Browsers connect to
it?
Thanks for the help,
Bill Rebey
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
