On Wed, Jan 28, 2009 at 09:16:18PM -0500, Georges-Etienne Legendre wrote:
> Can you help me out?
>
> When I execute:
> openssl s_client -connect 204.101.57.74:443
>
> I'm getting this error:
> 47620:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type
> is not 01:rsa_pk1.c:100:
> 47620:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
> failed:rsa_eay.c:697:
> 47620:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
> signature:s3_clnt.c:1448:
>
> Apache 2.2.3 is handling the request, compiled with OpenSSL 0.9.8i.
>
> It does the same if I use another certificate (self-signed). I must be an
> Apache / OpenSSL problem. From the browser (Firefox) the certificate is
> accepted.
Firefox negotiates 128-bit RC4-SHA in preference to 3DES, it probably
rates 3DES as a 112-bit cipher. While s_client rates 3DES as a 168-bit
cipher and the server's 3DES implementation is broken. Is the server
running Apache on Windows based on Microsoft's CryptoAPI?
Try:
$ openssl s_client -cipher 'DEFAULT:!3DES' ...
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
