The SSL_set_cipher_list() call is in the wrong format. Please look at the man page for 'ciphers(3ssl)'.
-Kyle H

On Wed, May 6, 2009 at 6:06 PM, Vivek Mathew -X (vivmathe - WIPRO at Cisco) <vivma...@cisco.com> wrote:
> Hi David & OpenSSL-users,
>
> We did compile against the new header files.
>
> I checked this a little more on the Server side. On the Server side, I use
> IIS 6.0.
> It looks like even before it hits my Server side code, Windows may be
> cutting the TCP connection.
> The Server has Windows Server 2003, Enterprise Edition, Service Pack 2
> v.4354 as the Operating System.
>
> There is an error logged in Windows Event Viewer, with the following
> description on the Server machine when the client tries to connect to it.
> And the surprising part is that this Error is not logged again in Event
> Viewer, for subsequent client connect requests, although from the client
> side the error remains the same. This would continue until I reboot my
> server, which would then again log the error in Event Viewer for the first
> client connection request.
>
> The Event Viewer Error is:-
>
> **********************************************************************
> Event Type: Error
> Event Source: Schannel
> Event Category: None
> Event ID: 36874
> Date: 5/7/2009
> Time: 12:03:59 AM
> User: N/A
> Computer: CISCO80
> Description:
> An SSL connection request was received from a remote client application, but
> none of the cipher suites supported by the client application are supported
> by the server. The SSL connection request has failed.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> **********************************************************************
>
> I also found a potential problem which may be causing the issue here.
> My client side application uses the following SSL_set_cipher_list( )
> function call before calling the SSL_connect( ).
>
> **********************************************************************
> SSL_set_cipher_list(m_ssl,"TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA");
> SSL_set_fd(m_ssl, m_socket);
> SSL_set_connect_state(m_ssl);
> result = SSL_connect(m_ssl);
> **********************************************************************
>
> Commenting out SSL_set_cipher_list( ) on the client side, lets the client
> connect successfully to the Server. Which means if the client is allowed to
> make use of the default cipher suite during SSL handshake, then there is no
> problem.
>
> That brings me to my next question.
> Were there any specific changes made around SSL_set_cipher_list( ) function
> that could be causing an issue with the new OpenSSL library 0.9.8j?
> The same code has been working perfectly with 0.9.7d earlier.
>
> Any thoughts on how we get around or fix this issue? Or whether I may have
> missed out something during my compilation of OpenSSL?
> Thanks in advance.
>
> Regards,
> Vivek
>
> P.S. - I have already checked the Microsoft website for an update on
> Schannel.dll, where they have added support for clients making use of
> "TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA".
> http://support.microsoft.com/kb/948963
>
> However, with the same environment, all works fine with my client side
> compiled against the old OpenSSL libs.
> ----------------------------------------------------------------------
>
>> Hi Srinivas,
>
>> We compiled our code with the new version of lib files from
>> openssl-0.9.8j version and replaced the new client dll's.
>> Does any specific step have to be followed?
>
>> Regards,
>> Sweta
>
> Did you compile against the new header files?
>
> The client is saying the server cut the TCP connection. What does the server
> say?
>
> DS
>
> ______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
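
An added example, not part of the thread: a quick way to see what a given OpenSSL build enables for a cipher string, both as a whole and element by element. It uses Python's `ssl` module (whose `set_ciphers()` wraps `SSL_CTX_set_cipher_list()`) instead of the C API in the post, so the results reflect the OpenSSL that Python is linked against, not 0.9.8j; the function names are hypothetical.

```python
import re
import ssl

# Cipher string quoted in the thread, and the OpenSSL-style name it contains.
PAGE_STRING = "TLS_RSA_WITH_AES_128_CBC_SHA -- AES128-SHA"
OPENSSL_NAME = "AES128-SHA"


def tls12_suites(cipher_string):
    """Suites below TLS 1.3 that the linked OpenSSL enables for cipher_string.

    Returns None when the library rejects the string because nothing matched.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list()
    except ssl.SSLError:
        return None
    # TLS 1.3 suites are configured separately, so leave them out.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def per_token(cipher_string):
    """Test each element of the list on its own.

    The ciphers man page separates elements with colons, commas or spaces.
    """
    tokens = [t for t in re.split(r"[:, ]+", cipher_string) if t]
    return {t: tls12_suites(t) for t in tokens}


if __name__ == "__main__":
    print("linked library:", ssl.OPENSSL_VERSION)
    for candidate in (PAGE_STRING, OPENSSL_NAME):
        print(repr(candidate), "->", tls12_suites(candidate))
    for token, suites in per_token(PAGE_STRING).items():
        print("  token", repr(token), "->", suites)
```

In C, the equivalent check is to test the return value of `SSL_set_cipher_list()` and list what was enabled with `SSL_get_cipher_list()` before calling `SSL_connect()`.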