I think ur HP UX box is not able to get enough random data to seed its PRNG. Consider using the -rand option as suggested by the error message or figure out what is different in HP UX. Maybe the devices /dev/(u)random is not configured properly
randomness is very imp for cryptography --- Matthew Baron <[EMAIL PROTECTED]> wrote: > I'm writing a fairly simple program to do a HTTP > transaction over SSL using > openssl-0.9.8b. I compiled the libraries > specifically for each platform I > was working on (Fedora Core 4 and Solaris 8). > Everything was working fine. > > I compiled openssl-0.9.8b and my simple program for > HP-UX 11i. No problems > compiling openssl or my program. When I ran my > program on HP-UX 11i, I ran > into issues with SSL_connect (it was returning -1). > At first I thought I > was missing some sort of fine point in using the > openssl API. > > In the process of trying to figure out what the heck > was going on, I learned > about the "openssl" program and decided I would do a > test to see if that > worked. I ran the following on all three platforms > (see full samples > below): > > openssl s_client -connect www.fortify.net:443 -debug > -state > > Everything worked fine for Solaris and Linux but I > had (what seems to be) > connect issues on the HP box (I've actually compiled > and tested openssl and > my program on two different HP-UX 11i boxes). This > leads me to believe > there isn't necessarily something that I am doing > wrong with my programming. > > > Any thoughts? Any ideas on how I can get more > information into what is > going wrong? I've Googled the heck out of this and > have lots of other > people with issues with SSL_connect but I haven't > seen many issues where the > issues seemed to be platform dependent. > > > > "openssl s_client" on HP-UX 11i > [EMAIL PROTECTED]> ./openssl s_client -connect > www.fortify.net:443 -debug -state > warning, not much extra random data, consider using > the -rand option > CONNECTED(00000003) > SSL_connect:before/connect initialization > SSL_connect:error in SSLv2/v3 write client hello A > write:errno=0 > [EMAIL PROTECTED]> > > > "openssl s_client" on Fedora Core 4 > [EMAIL PROTECTED]> ./openssl s_client -connect > www.fortify.net:443 -debug > -state > CONNECTED(00000003) > SSL_connect:before/connect initialization > write to 080B2388 [080B23D0] (142 bytes => 142 > (0x8E)) > 0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 > 00 ......c... ..9.. > 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 > c0 8..5............ > 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 > 00 ..3..2../.....f. > 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 > 00 .............c.. > 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 > 40 b..a...........@ > 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 > 00 ..e..d..`....... > 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 8f > 80 ................ > 0070 - ad 65 3b d6 d7 bf 49 50-2e 79 07 87 52 6a 4b > e7 .e;...IP.y..RjK. > 0080 - 04 15 7f 50 a8 79 68 3f-ca aa 3e 2a 77 fa > ...P.yh?..>*w. > SSL_connect:SSLv2/v3 write client hello A > read from 080B2388 [080B7930] (7 bytes => 7 (0x7)) > 0000 - 16 03 01 00 4a 02 > ....J. > 0007 - <SPACES/NULS> > read from 080B2388 [080B7937] (72 bytes => 72 > (0x48)) > 0000 - 00 46 03 01 44 97 2a 6d-b0 0d bc 34 7f d6 d4 > 68 .F..D.*m...4...h > 0010 - 0b 99 c5 b7 3b df ef 72-a5 db cf 4d a7 b9 bc > 7e ....;..r...M...~ > 0020 - 93 ae 1e 28 20 2c 6f ec-e6 1e e8 9b 3c 66 75 > 6b ...( ,o.....<fuk > 0030 - 3a 1a d7 91 a0 f6 57 c8-22 b2 36 8f 2e a7 8f > 54 :.....W.".6....T > 0040 - 3f c1 a6 80 34 00 39 > ?...4.9 > 0048 - <SPACES/NULS> > SSL_connect:SSLv3 read server hello A > read from 080B2388 [080B7930] (5 bytes => 5 (0x5)) > 0000 - 16 03 01 08 eb > ..... > read from 080B2388 [080B7935] (2283 bytes => 2283 > (0x8EB)) > 0000 - 0b 00 08 e7 00 08 e4 00-04 99 30 82 04 95 30 > 82 ..........0...0. > 0010 - 03 fe a0 03 02 01 02 02-03 3d 51 9a 30 0d 06 > 09 .........=Q.0... > 0020 - 2a 86 48 86 f7 0d 01 01-05 05 00 30 81 ec 31 > 0b *.H........0..1. > > *** SNIP *** > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
