Hi, Thanks for the explanation of the data exchanged between the client and server.
>In response to client_hello we received ALERT protocol message >(record header 15 03 00 00 02 means: > 15 - alert protocol > 0300 - SSL3 alert protocol > 0002 - length of data (should be 2 - and it is :-) >and in ALERT data we have: > 02 - serverity level: fatal > 28 - description: handshake failure >this alert means that server can not accept client proposition >send in client_hello packet. >Client_hello packet here is very simple and in reality have only one >proposition: cipher suite SSL3_CK_RSA_DES_40_CBC_SHA. >For me this seems that server do not want to accept this >proposition because: > - do not have RSA support (maybe) > - do not have SHA support (maybe) > - do not have DES support (maybe) or DES40 is too weak. > >Best regards, >-- >Marek Marcola <[EMAIL PROTECTED]> Well ... as per my understanding, the cipher support is property of the crypto library. And my client and server both use the same crypto library. So I wonder why would the server reject the clients request. Are there any APIs that I can use in my server to get more debug information? Is it possible for me to enable/disable logging in the crypto library? Also, as we are on the topic, where could I get the information about the messages exchanged between server and client? The way you explained the data was really helpful. Thanks, ~ Urjit DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
