Hi David & OpenSSL-users,

We did compile against the new header files.

I checked this a little more on the Server side. On the Server side, I use IIS 6.0. It looks like even before it hits my Server side code, Windows may be cutting the TCP connection. The Server has Windows Server 2003, Enterprise Edition, Service Pack 2 v.4354 as the Operating System.

There is an error logged in Windows Event Viewer, with the following description on the Server machine when the client tries to connect to it. And the surprising part is that this Error is not logged again in Event Viewer, for subsequent client connect requests, although from the client side the error remains the same. This would continue until I reboot my server, which would then again log the error in Event Viewer for the first client connection request.

The Event Viewer Error is:-

************************************************************************
Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36874
Date: 5/7/2009
Time: 12:03:59 AM
User: N/A
Computer: CISCO80
Description:
An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .
************************************************************************

I also found a potential problem which may be causing the issue here. My client side application uses the following SSL_set_cipher_list( ) function call before calling the SSL_connect( ).
************************************************************************
SSL_set_cipher_list(m_ssl,"TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA");
SSL_set_fd(m_ssl, m_socket);
SSL_set_connect_state(m_ssl);
result = SSL_connect(m_ssl);
************************************************************************

Commenting out SSL_set_cipher_list( ) on the client side lets the client connect successfully to the Server. Which means if the client is allowed to make use of the default cipher suite during SSL handshake, then there is no problem.

That brings me to my next question. Were there any specific changes made around SSL_set_cipher_list( ) function that could be causing an issue with the new OpenSSL library 0.9.8j? The same code has been working perfectly with 0.9.7d earlier.

Any thoughts on how we get around or fix this issue? Or whether I may have missed out something during my compilation of OpenSSL?

Thanks in advance.

Regards,
Vivek

P.S. - I have already checked the Microsoft website for an update on Schannel.dll, where they have added support for clients making use of "TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA".
http://support.microsoft.com/kb/948963
However, with the same environment, all works fine with my client side compiled against the old OpenSSL libs.

------------------------------------------------------------------------

> Hi Srinivas,
> We compiled our code with the new version of lib files from
> openssl-0.9.8j version and replaced the new client dll's.
> Does any specific step have to be followed?
> Regards,
> Sweta

Did you compile against the new header files?

The client is saying the server cut the TCP connection. What does the server say?

DS
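
An added example, not part of the original thread and not OpenSSL's own parser: a simplified lint that splits a cipher string on the separators documented in ciphers(1) (colon, comma, space) and reports tokens that are not in a name table, run on the string from the post above. The function name lint_cipher_spec and the KNOWN table are hypothetical; the table is a small constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of OpenSSL-style cipher names and keywords. A real
   check would take the names from `openssl ciphers` for the build in use.
   Simplified: combined forms such as A+B and @STRENGTH are not handled. */
static const char *KNOWN[] = { "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA",
                               "RC4-SHA", "ALL", "DEFAULT", "HIGH", NULL };

static int is_known(const char *name) {
    for (int i = 0; KNOWN[i] != NULL; i++)
        if (strcmp(KNOWN[i], name) == 0) return 1;
    return 0;
}

/* Split spec on ':', ',' and ' ', strip one leading operator (!, - or +)
   from each token, and count the tokens whose name is not in KNOWN.
   If first_bad is non-NULL, the first such token is copied into it.
   Returns the number of unrecognized tokens, or -1 if spec does not
   fit the working buffer. */
int lint_cipher_spec(const char *spec, char *first_bad, size_t bad_len) {
    char buf[256];
    int unknown = 0;
    if (strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    for (char *tok = strtok(buf, ":, "); tok; tok = strtok(NULL, ":, ")) {
        const char *name = tok;
        if (*name == '!' || *name == '-' || *name == '+') name++;
        if (is_known(name)) continue;
        if (unknown++ == 0 && first_bad && bad_len > 0) {
            strncpy(first_bad, tok, bad_len - 1);
            first_bad[bad_len - 1] = '\0';
        }
        printf("unrecognized token: \"%s\"\n", tok);
    }
    return unknown;
}

int main(void) {
    char bad[64] = "";
    /* The string passed to SSL_set_cipher_list() in the post above. */
    const char *post = "TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA";
    int n = lint_cipher_spec(post, bad, sizeof bad);
    printf("%d unrecognized, first: %s\n", n, bad);
    printf("%d unrecognized\n", lint_cipher_spec("AES128-SHA", NULL, 0));
    return 0;
}
```

In the client itself, the return value of SSL_set_cipher_list( ) is the first thing to check: it returns 1 if any cipher could be selected and 0 on complete failure.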