Hello all,
I still have the same problem: I have my TLS server and we still have our unsucessful connection attempts with a remote peer in Holland. SSL dump logs the following (this time, it slightly change, there's no "Unknown SSL content type 114", even if the client trying to connect is the same as in my last mail):
1 1 1.1476 (1.1476) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
1e 6f 68 34 21 d2 55 18 5f 8e 27 2a 3d 46 8a 41
85 5b 5a 9d 49 e0 47 e0 77 10 8e ff 7b 39 4d d1
cipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA
compressionMethod NULL
1 2 1.1476 (0.0000) S>C Handshake
Certificate
1 3 1.1476 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
ServerHelloDone
1 1.9969 (0.8492) C>S TCP FIN
1 1.9992 (0.0022) S>C TCP FINSo, it seems like the client does not send anything else as a TCP FIN. I don't understand how it can be.
The guy showed me, through a ssldump that he made locally with a remote peer, that his implementation
seems correct, sending the client hello, using the same TLS cipher as me, and all the stuff. But I receive nothing from him (is it normal that I send a ServerHello and some other stuff as I didn't receive any ClientHello? Does this occur after a timeout?). I think that my implementation is not faulty because several clients connect to my server without problem since more than one year. The certificates the guy use are also correct. The only remaining possibility I see is the guy has something faulty in his implementation. But how can I prove this to him (I heard it's posssible to have your SSL solution "officially" proofed)? And does someone has a clue which possible eerror causes could I further investigate, and how? Please, SSL knights, rescue me!!! (much thanks to Mr Su and Mr Paillette for responding to my first request...)
--
Mit freundlichen Gruessen
Nicolas POCHAT-POCHATOUX - Dipl. Ing. System developper ATIS Systems Gmbh - Industriestr. 5 - 61352 BAD HOMBURG - GERMANY office: +49 (0)6172 - 106399 mobile: +49 (0)178 502 4521
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
