Thanks everyone for the help, I think I am getting closer. All of the SSL has been removed from the listener (makes much more sense to me now), and the Init routine has had CRYPTO_malloc_init() and ENGINE_load_builtin_engines() added (it already had the other "basic" routines).
When I use my client to connect to s_server, everything works. When I try to use s_client to connect to my server, I get a few errors:

    verify error:num=18:self signed certificate
    9083:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure...

This is happening on the SSL_accept, everything up until that point seems to be OK. Both sides are using TLS1. The certificate and key were just generated for testing purposes, we'll be using something else in production but I don't have access to all that right now. I believe I should be able to get this working with just the quick/dirty key and cert.

Any insight is appreciated.

Thanks

On Thu, Jan 22, 2009 at 7:07 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:

> On Thu, Jan 22, 2009 at 08:51:20PM -0500, Dave Thompson wrote:
>
> > Except as noted above, this sounds reasonable. I assume you realize
> > that ALL includes, and could possibly negotiate, some weak ciphers;
> > but since you're explicitly adding eNULL you apparently don't care.
> > It certainly should be able to negotiate SOMETHING.
>
> Also, before 0.9.9, ALL may not be properly ordered by default, it
> really is safer to use:
>
>     a...@strength
>
> if one wants to use aNULL ciphers whenever mutually acceptable (i.e.
> nobody is checking certificates anyway), then:
>
>     aNULL:ALL:@STRENGTH
>
> is needed to put the aNULL (aka ADH) ciphers first (within each bit
> strength category).
>
> --
>        Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
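The cipher-string ordering discussed in the quoted reply can be checked before a string is deployed. The following is an added example, not code from the thread or from the OpenSSL project: it uses Python's `ssl` module to expand a cipher string against the local OpenSSL build and audits the resulting order. The helper names `expand` and `audit` are hypothetical, and `SAMPLE` is a constructed list.

```python
import ssl

ANON_PREFIXES = ("ADH-", "AECDH-")  # OpenSSL names for aNULL (no-certificate) suites

def expand(cipher_string):
    """Ordered suites the local OpenSSL build selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from the cipher string; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit(suites):
    """Check an ordered suite list (dicts with 'name' and 'strength_bits')."""
    bits = [c["strength_bits"] for c in suites]
    anon = [c["name"].startswith(ANON_PREFIXES) for c in suites]
    by_strength = {}
    for b, a in zip(bits, anon):
        by_strength.setdefault(b, []).append(a)
    return {
        # True when no weaker suite is preferred over a stronger one
        "strength_ordered": all(x >= y for x, y in zip(bits, bits[1:])),
        # True when anonymous suites lead each bit-strength group
        "anon_first_per_strength": all(
            flags == sorted(flags, reverse=True) for flags in by_strength.values()
        ),
        "anonymous": [c["name"] for c, a in zip(suites, anon) if a],
        "null_encryption": [c["name"] for c in suites if c["strength_bits"] == 0],
        "below_128_bits": [c["name"] for c in suites if 0 < c["strength_bits"] < 128],
    }

# Constructed sample shaped like the order the reply describes for
# aNULL-first, strength-sorted lists (with a weak and a NULL suite at the end).
SAMPLE = [
    {"name": "ADH-AES256-SHA", "strength_bits": 256},
    {"name": "AES256-SHA", "strength_bits": 256},
    {"name": "ADH-AES128-SHA", "strength_bits": 128},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "NULL-SHA", "strength_bits": 0},
]

if __name__ == "__main__":
    for s in ("ALL:@STRENGTH", "aNULL:ALL:@STRENGTH"):
        print(s, audit(expand(s)))
```

Modern OpenSSL builds may omit or filter anonymous, NULL and export-grade suites, so the live output depends on the local library and its security level.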