On Tue, May 09, 2006, Adam Ringel wrote:

> Interestingly enough, we found out why the connection is failing. However, 
> we are not sure why openssl doesn't detect it as an error.
> After we send the first hand-shake of the SSL negotiation to the server, 
> we get a RST (ECONNRESET) on the subsequent read for the server's 
> response.
> We're not sure why right now but we think a piece of network equipment 
> (e.g. a firewall) is detecting an FTP session but gets confused when the 
> encrypted data starts and kills the connection.
> 

Maybe the negotiation isn't quite right. I'm not familiar with the protocol
but it may have to be byte perfect so the client doesn't send any additional
characters when the server is expecting a handshake *and* the client swallows
the precise number of characters so the server response doesn't get mixed up.

Though I'd expect a different error if the latter was the case.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
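
Added example, not code from this thread or from OpenSSL: a Python illustration of the "byte perfect" hand-off Steve describes, in which the client consumes exactly one plaintext reply and leaves every later byte for the TLS layer. It assumes the session is upgraded with FTP AUTH TLS (RFC 4217) and answered with a 234 reply; `read_ftp_reply` and `demo` are hypothetical names and the sample bytes are constructed.

```python
import socket


def read_ftp_reply(sock):
    """Read exactly one FTP reply (RFC 959 framing) and nothing after it.

    Reads one byte at a time on purpose: a buffered reader could pull bytes
    that belong to the TLS layer out of the socket. A reset from the peer
    surfaces here as ConnectionResetError instead of being hidden.
    Returns (code, lines).
    """
    lines, code = [], None
    while True:
        line = bytearray()
        while not line.endswith(b"\r\n"):
            b = sock.recv(1)
            if not b:
                raise ConnectionError("peer closed in the middle of a reply")
            line += b
        text = line[:-2].decode("ascii", "replace")
        lines.append(text)
        if code is None:
            if len(text) < 3 or not text[:3].isdigit():
                raise ValueError("not an FTP reply: %r" % text)
            code = text[:3]
            if text[3:4] != "-":           # single-line reply: done
                return int(code), lines
        elif text.startswith(code + " "):  # closing line of a multi-line reply
            return int(code), lines


def demo():
    client, server = socket.socketpair()
    # Constructed input: a multi-line 234 reply followed by three marker
    # bytes standing in for data that must be left for the TLS layer.
    server.sendall(b"234-Proceed\r\n security negotiated\r\n"
                   b"234 AUTH TLS OK\r\n" + b"\x16\x03\x01")
    code, lines = read_ftp_reply(client)
    leftover = client.recv(16)  # what the TLS layer would see next
    client.close()
    server.close()
    return code, lines, leftover


if __name__ == "__main__":
    print(demo())
```

A client that stops after the first line of a multi-line reply leaves plaintext in the socket, and the TLS layer then tries to parse that text as a handshake record.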
