> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
<snipped>
> > With the following error, what are the things that I need to check?
> > Thanks Mike
> >
> > openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:636
> > CONNECTED(00000003)
> > 24664:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
>
> Try to add "-debug -msg -state" flags to this command to get more verbose output.

Mark,

That does help. Thanks. It should have been obvious from the error message above, but I have been thrashing so much on this that I am not thinking clearly. I did speak with the OID admin and he tells me that we are using the default config set, which is encryption only - no server auth. I am not sure if this is the source of the ssl handshake failure. I'm checking with the OID admin now.

Thanks again for your suggestion. I hope this isn't too much off topic for this group.

Mike

+++++++++SUCCESSFUL SSL CONNECTION ON PORT 443+++++++++
# openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
<response snipped>
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---

+++++++++SSL HANDSHAKE FAILURE ON PORT 636+++++++++
# openssl s_client -CAfile /etc/openldap/cacerts/ca-cert.crt -connect xxx:636 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
1460:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
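
An added example, not part of the original thread: a small Python helper that reads the text printed by `openssl s_client -state` and reports how far the handshake got, run here on the two traces from the message above. The function name `triage` and the verdict strings are assumptions made for this illustration.

```python
import re

# Constructed input: the two -state traces from the message (snipped part left out).
TRACE_443 = """CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
"""
TRACE_636 = """CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
"""

ALERT = re.compile(r"SSL3 alert (read|write):(fatal|warning):(.+)")
ERROR = re.compile(r"SSL_connect:error in (.+)")
STATE = re.compile(r"SSL_connect:(.+)")

def triage(trace):
    """Return (verdict, details) for the text printed by s_client -state."""
    d = {"connected": False, "last_ok": None, "failed_in": None, "alert": None}
    for line in map(str.strip, trace.splitlines()):
        if line.startswith("CONNECTED("):
            d["connected"] = True
        elif m := ALERT.match(line):
            d["alert"] = m.groups()          # (direction, level, description)
        elif m := ERROR.match(line):
            d["failed_in"] = m.group(1)      # state that could not complete
        elif m := STATE.match(line):
            d["last_ok"] = m.group(1)        # last state that did complete
    last = d["last_ok"] or ""
    if not d["connected"]:
        return "no TCP connection", d
    if d["failed_in"] is None and d["alert"] is None and "read finished" in last:
        return "handshake completed", d
    if d["alert"] and d["alert"][:2] == ("read", "fatal") and "write client hello" in last:
        # A fatal alert arrived instead of a ServerHello: the server refused the
        # ClientHello itself, before any certificate was sent or verified.
        return "server rejected ClientHello", d
    return "failed in " + (d["failed_in"] or "unknown state"), d

if __name__ == "__main__":
    for port, trace in (("443", TRACE_443), ("636", TRACE_636)):
        print(port, triage(trace)[0])
```

A "server rejected ClientHello" verdict points at what the client offered (protocol versions and cipher suites) rather than at the `-CAfile` trust settings, which only matter once a server certificate has been received.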