Thanks .. the information was helpful .. I found one patch which resolves this issue .. (Please read the Disclaimer)
http://rt.openssl.org/Ticket/Display.html?id=696&user=guest&pass=guest
I applied that patch and the sslv2 client was able to do successful communication without passing the certificate ..
Request you all to review the patch and let us know your thoughts on it ...

Thanks
Anil

On Wed, Apr 8, 2009 at 6:06 AM, Dave Thompson <dave.thomp...@princetonpayments.com> wrote:

> > From: owner-openssl-us...@openssl.org On Behalf Of Anil Tambe
> > Sent: Tuesday, 07 April, 2009 03:23
> > i am using the latest openssl 0.9.8k. the -verify option works fine
> > with ssl3 , but handshake fails if i use -ssl2 .
> > > ./openssl s_server -verify 0 -debug
> > > ./openssl s_client -ssl3 -debug [ works fine .]
>
> > > ./openssl s_client -ssl2
> (snip certs)
> > 22360:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
>
> Use -msg and you should see before that something like
> <<< SSL 2.0 [length 0012], REQUEST-CERTIFICATE
>     07 01 69 de b1 89 f9 f4 db 0d 12 f2 34 3b 1a a5
>     50 90
> >>> SSL 2.0 [length 0003], ERROR: NO-CERTIFICATE-ERROR
>     00 00 02
>
> or look at the server output and you should see
> 10233:error:140710CA:SSL routines:REQUEST_CERTIFICATE:peer error no certificate:s2_pkt.c:675:
>
> Apparently SSLv2 doesn't support optional client auth;
> if the server requests it (which s_server -verify does)
> the client must provide it (so give it -key & pw & -cert).
>
> v2 is way old, and less functional in numerous ways.
> This is apparently one, although I didn't remember it
> specifically. Prefer v3/TLS if you have a choice.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
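
The -msg trace quoted in the reply above, decoded field by field. This is an added example, not part of the original thread and not OpenSSL code: the message-type, error-code and authentication-type names follow the SSL 2.0 specification, and the function names (`decode`, `parse_trace`, `client_auth_refused`) are hypothetical.

```python
import re

# Added example, not OpenSSL code; names follow the SSL 2.0 specification.
MSG_TYPES = {0: "ERROR", 1: "CLIENT-HELLO", 2: "CLIENT-MASTER-KEY", 3: "CLIENT-FINISHED",
             4: "SERVER-HELLO", 5: "SERVER-VERIFY", 6: "SERVER-FINISHED",
             7: "REQUEST-CERTIFICATE", 8: "CLIENT-CERTIFICATE"}
ERROR_CODES = {1: "NO-CIPHER-ERROR", 2: "NO-CERTIFICATE-ERROR",
               4: "BAD-CERTIFICATE-ERROR", 6: "UNSUPPORTED-CERTIFICATE-TYPE-ERROR"}
AUTH_TYPES = {0x01: "MD5-WITH-RSA-ENCRYPTION"}
HEADER = re.compile(r"^(<<<|>>>) SSL 2\.0 \[length ([0-9a-fA-F]{4})\]")

# The two records from the -msg output quoted in the thread ("<<<" received, ">>>" sent).
TRACE = """\
<<< SSL 2.0 [length 0012], REQUEST-CERTIFICATE
    07 01 69 de b1 89 f9 f4 db 0d 12 f2 34 3b 1a a5
    50 90
>>> SSL 2.0 [length 0003], ERROR: NO-CERTIFICATE-ERROR
    00 00 02
"""

def decode(direction, length, body):
    """Decode one SSLv2 handshake message body (first byte is the type)."""
    if not body or len(body) != length:      # length in the header is hexadecimal
        raise ValueError("hex dump does not match declared length")
    msg = {"dir": direction, "type": MSG_TYPES.get(body[0], "UNKNOWN")}
    if body[0] == 0 and len(body) == 3:      # ERROR: 2-byte big-endian code
        code = int.from_bytes(body[1:], "big")
        msg["error"] = ERROR_CODES.get(code, hex(code))
    elif body[0] == 7 and len(body) >= 2:    # auth type, then challenge data
        msg["auth_type"] = AUTH_TYPES.get(body[1], hex(body[1]))
        msg["challenge"] = body[2:].hex()
    return msg

def parse_trace(text):
    """Split -msg output into records and decode each one."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append([m.group(1), int(m.group(2), 16), ""])
        elif records:
            records[-1][2] += line           # hex dump continuation line
    return [decode(d, n, bytes.fromhex(h)) for d, n, h in records]

def client_auth_refused(msgs):
    """True if a REQUEST-CERTIFICATE is answered by NO-CERTIFICATE-ERROR."""
    return any(a["type"] == "REQUEST-CERTIFICATE" and a["dir"] != b["dir"]
               and b.get("error") == "NO-CERTIFICATE-ERROR"
               for a, b in zip(msgs, msgs[1:]))
```

Run over the quoted trace, `parse_trace(TRACE)` yields a REQUEST-CERTIFICATE carrying a 16-byte challenge followed by the client's ERROR with code 0x0002, the pair that precedes the handshake failure reported in the thread.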