Ok I added debugging code and it gives me this; 27559:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1006:
What does that mean from a configuration point of view? I have the default openssl package installed and also the cacert.org.pem-file in the correct place. On Thu, May 14, 2009 at 01:58:13PM +0200, Folkert van Heusden wrote: > ssldump gives me the following information: > > belle:/home/folkert# ssldump -a -A -H -k Personal/src/https2http/key.pem -i lo > New TCP connection #1: localhost(33455) <-> localhost(996) > 1 1 0.0001 (0.0001) C>S SSLv2 compatible client hello > Version 3.1 > cipher suites > Unknown value 0x39 > Unknown value 0x38 > Unknown value 0x35 > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_3DES_EDE_CBC_SHA > SSL2_CK_3DES > Unknown value 0x33 > Unknown value 0x32 > Unknown value 0x2f > SSL2_CK_RC2 > TLS_RSA_WITH_RC4_128_SHA > TLS_RSA_WITH_RC4_128_MD5 > SSL2_CK_RC4 > TLS_DHE_RSA_WITH_DES_CBC_SHA > TLS_DHE_DSS_WITH_DES_CBC_SHA > TLS_RSA_WITH_DES_CBC_SHA > SSL2_CK_DES > TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 > SSL2_CK_RC2_EXPORT40 > TLS_RSA_EXPORT_WITH_RC4_40_MD5 > SSL2_CK_RC4_EXPORT40 > 1 2 0.0030 (0.0028) S>CV3.1(2) Alert > level fatal > value handshake_failure > 1 0.0031 (0.0001) C>S TCP FIN > 1 0.0039 (0.0008) S>C TCP FIN > > > On Wed, May 13, 2009 at 06:21:18PM +0200, Folkert van Heusden wrote: > > Hi, > > > > I have an ssl server. Really simple; > > > > // init > > SSL_library_init(); > > SSL_load_error_strings(); > > bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); > > meth = SSLv23_server_method(); > > ctx = SSL_CTX_new(meth); > > SSL_CTX_use_certificate_chain_file(ctx, > > "/home/folkert/Personal/src/server.pem"); > > > > // accept > > socket_h_from = accept(); > > sbio = BIO_new_socket(socket_h_from, BIO_NOCLOSE); > > ssl_h_from = SSL_new(server_ctx); > > SSL_set_bio(ssl_h_from, sbio, sbio); > > int rc = SSL_accept(ssl_h_from); > > > > Now when I connect using telnet -z ssl to that port, the connection is > > dropped. > > I did a debug-session with openssl and got this: > > > > folk...@belle:~$ openssl s_client -connect localhost:996 -state -debug > > CONNECTED(00000003) > > SSL_connect:before/connect initialization > > write to 0x1923850 [0x1924d40] (118 bytes => 118 (0x76)) > > 0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00 .t....K... ..9.. > > 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ > > 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00 ..3..2../....... > > 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00 ................ > > 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80 @............... > > 0050 - 00 00 03 02 00 80 ad 40-e1 d0 43 ad a8 5b 4d d5 .......@..c..[m. > > 0060 - 68 a3 b0 b0 45 38 d8 0d-0d cf 5a 90 bc 3e e3 37 h...E8....Z..>.7 > > 0070 - 19 71 17 2d 0a 09 .q.-.. > > SSL_connect:SSLv2/v3 write client hello A > > read from 0x1923850 [0x192a2a0] (7 bytes => 7 (0x7)) > > 0000 - 15 03 01 00 02 02 28 ......( > > SSL3 alert read:fatal:handshake failure > > SSL_connect:error in SSLv2/v3 read server hello A > > 32584:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert > > handshake failure:s23_clnt.c:578: > > > > What is it that I'm doing wrong here? > > > > Thanks. > > > > > > Folkert van Heusden > > > > -- > > > > Multitail - gibkaja utilita po sledovaniju log-fajlov i vyvoda > > kommand. Fil'trovanie, raskra?ivanie, slijanie, vizual'noe sravnenie, > > i t.d. http://www.vanheusden.com/multitail/ > > ---------------------------------------------------------------------- > > Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > Folkert van Heusden > > -- > > Multitail - gibkaja utilita po sledovaniju log-fajlov i vyvoda > kommand. Fil'trovanie, raskra?ivanie, slijanie, vizual'noe sravnenie, > i t.d. http://www.vanheusden.com/multitail/ > ---------------------------------------------------------------------- > Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org Folkert van Heusden -- MultiTail är en flexibel redskap för att fälja logfilar, utför av commandoer, filtrera, ge färg, sammanfoga, o.s.v. följa. http://www.vanheusden.com/multitail/ ---------------------------------------------------------------------- Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
