Dear Lutz,
Thanks for the insight. Well it took about 1 minute after which the
connection got closed. So that means the connection got timed out
-----------------------------------------------------------------------------------------------------------------------------
And Please see below the output for the command below.
------------------------------------------------------------------------------------------------------------------------------
COMMAND: [EMAIL PROTECTED]:/home/Me/test>openssl s_client -connect
remote_server.
com:8444
------------------------------------------------------------------------------------------------------
CONNECTED(00000004)
depth=0 /C=US/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
verify return:1
---
Certificate chain
0 s:/C=UK/ST=London/L=Sherborne House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
i:/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICgDCCAekCBETYvTYwDQYJKoZIhvcNAQEEBQAwgYYxCzAJBgNVBAYTAlVLMQ8w
DQYDVQQIEwZMb25kb24xGDAWBgNVBAcTD1NoZXJib3JuZSBIb3VzZTEUMBIGA1UE
ChMLQ29tbWVyemJhbmsxIDAeBgNVBAsTF1pJVC1BIENNQSBCT1MgKDIuMy41LjEp
MRQwEgYDVQQDEwtzaHN2ZDNhLmdkZTAeFw0wNjA4MDgxNjM1MDJaFw0yMzAxMTEx
NjM1MDJaMIGGMQswCQYDVQQGEwJVSzEPMA0GA1UECBMGTG9uZG9uMRgwFgYDVQQH
Ew9TaGVyYm9ybmUgSG91c2UxFDASBgNVBAoTC0NvbW1lcnpiYW5rMSAwHgYDVQQL
ExdaSVQtQSBDTUEgQk9TICgyLjMuNS4xKTEUMBIGA1UEAxMLc2hzdmQzYS5nZGUw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqFdZrLVDXMgrnX7ne6IfRqo38C
ODn2vXMiy+khDVLUDxPh0qsMmV03loPhzwLNviBhxxamiBbtsXXe6ztXf09LOmtu
g4UTQUXuBTaBqsOivqZBmr2Nxaq9j7Ma3dVG+dAsgfSgzn5h78sWfQkD+hX6DCXR
xFxP2Ls1wrnJ5Ia9AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAgfOx7UeISfuw04OU
EC4Ur5uNPE2kQ92KSNgLRJMZ/xQYjZVmCWSOEJVO+NrLWuO6Mv86cnKPLBWnCRFe
GYm9EIbMKDExs8QWU0+gYkUHBHjtWbMYIeiFNUFBQvr+rqINdci2L52jRbLeWPgY
HK+zxEoiBFpbDEciVFUzyq1XTeA=
-----END CERTIFICATE-----
subject=/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
issuer=/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd3a.gde
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
46726624C4EB38AE5973400F43D1FFEBD885BD16DD48F5DBAE4139F20421FAA0
Session-ID-ctx:
Master-Key:
E94EEF3AF384401AE38F2777EF80C490D83F9846F9949E226C6386273E552ED74B3E5CB55D92AF751A423F3341E9970A
Key-Arg : None
Start Time: 1181902372
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
QUIT
DONE
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for your feedback
Regards,
Vishal Vashishta
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com
Lutz Jaenicke <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/15/2007 03:11 PM
Please respond to
openssl-users@openssl.org
To
openssl-users@openssl.org
cc
Subject
Re: SSL: Not Able to Connect with Secure Site from C++ / Solaris
Vishal V wrote:
>
> Dear Zack,
> Thanks for your inputs but I think the problem lies somewhere else
>
> Please see the analysis result below
>
> *1. Telnet Result:*
> Server>>telnet remote_server.com 8444
> Trying 140.11.111.11...
> *Connected to remote_server.com.*
> Escape character is '^]'.
> Connection closed by foreign host.
>
> Does it mean that the the connectivity OK (Please see Brown Bold text
> above). Kindly suggest
>
> **
It means "maybe ok". It seems that the TCP connection is successfully
established. The SSL handshake now would have to be continued by
the client by sending the ClientHello message.
How long does it take until the connection is closed by the foreign host?
If it takes just a few seconds, the server does have a problem (server
process
is crashing or tcpwrapper/libwrap is used and your connection is not
allowed). In this case there probably is nothing you can do about it.
If it takes 30 seconds or more the server most likely did shut down
the connection as it did not see the ClientHello and timed out. In this
case
the next testing step would be to use s_client to see how far the
SSL connection can be negotiated.
Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
ForwardSourceID:NT0001616E
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
