The server must also be willing to support the same ciphersuite.  In
this case, the server probably doesn't have the AES ciphers enabled.
(I hope that you only have TLS_RSA_WITH_NULL_SHA as a debugging aid,
or have evaluated the risk of information disclosure against the
security policy of your application system; if not, you really should
either stop allowing it or actually do the risk evaluation.)
SSL_ERROR_SSL is something of a generic error, and can be returned if
there are no shared ciphers.

You can use ERR_print_errors() or ERR_print_errors_fp() to print
information about the entire error queue, not just the top entry on
the error stack.  Make sure you use ERR_load_crypto_strings() and
SSL_load_error_strings() (according to the docs,
SSL_load_error_strings loads a superset of ERR_load_crypto_strings,
but I tend to prefer knowing that all the strings are actually loaded
rather than relying on a potentially-breaking documentation point) to
get all the strings of all the problem codes so that
ERR_print_errors[_fp]() can print useful information about the error
queue.

-Kyle H

On Tue, Jun 16, 2009 at 11:03 PM, Thanh Lien<lien...@fsoft.com.vn> wrote:
>
> Hi all,
> I've applied OpenSSL version 0.9.8d (64bit) to my application. In this
> program, user can choose remote PC that he wants to connect. When setting
> information of remote PC, user must specify the ciphersuite used by this PC.
> There are 3 options for ciphersuite, including TLS_RSA_WITH_NULL_SHA,
> TLS_RSA_WITH_3DES_CBC_SHA and TLS_RSA_WITH_AES_128_CBC_SHA.
> My program runs normally with TLS_RSA_WITH_NULL_SHA,
> TLS_RSA_WITH_3DES_CBC_SHA but TLS_RSA_WITH_AES_128_CBC_SHA doesn't. I've
> checked and found that ssl_connect() failed and the returned error code is
> SSL_ERROR_SSL. I don't know what the reason is. :(.
>
> Please help me....
> --
> View this message in context: 
> http://www.nabble.com/ssl_connect-failed-when-using-TLS_RSA_WITH_128_CBC_SHA-tp24067477p24067477.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
>
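
The failure mode discussed in this thread, reproduced as an added example (not code from the thread or from the OpenSSL project): an in-memory handshake through Python's ssl module, which wraps OpenSSL, reporting the error reason each side sees when the two peers enable different ciphersuites. Assumptions: the anonymous-ECDH suites AECDH-AES128-SHA and AECDH-AES256-SHA stand in for the thread's RSA suites at security level 0, purely so that no certificate is needed, and the names make_ctx and handshake are hypothetical.

```python
import ssl

def make_ctx(protocol, suite):
    """Context restricted to one ciphersuite (assumed test setup, not production)."""
    ctx = ssl.SSLContext(protocol)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # cipher strings govern TLS <= 1.2
    # Anonymous suites are only selectable at security level 0.
    ctx.set_ciphers(suite + ":@SECLEVEL=0")
    return ctx

def handshake(client_suite, server_suite):
    """Run a handshake over memory BIOs.

    Returns {'client': reason, 'server': reason}; None means that side finished.
    """
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = make_ctx(ssl.PROTOCOL_TLS_CLIENT, client_suite).wrap_bio(c_in, c_out)
    server = make_ctx(ssl.PROTOCOL_TLS_SERVER, server_suite).wrap_bio(
        s_in, s_out, server_side=True)
    sides = [("client", client, c_out, s_in), ("server", server, s_out, c_in)]
    result = {}
    for _ in range(10):  # a TLS 1.2 handshake needs only a few round trips
        for name, conn, out_bio, peer_in in sides:
            if name not in result:
                try:
                    conn.do_handshake()
                    result[name] = None
                except ssl.SSLWantReadError:
                    pass  # waiting for the peer's next flight
                except ssl.SSLError as exc:
                    # exc.reason is the top entry of OpenSSL's error queue
                    result[name] = exc.reason or str(exc)
            peer_in.write(out_bio.read())  # deliver pending bytes to the peer
        if len(result) == 2:
            break
    return result

if __name__ == "__main__":
    print("matching suites:  ", handshake("AECDH-AES128-SHA", "AECDH-AES128-SHA"))
    print("mismatched suites:", handshake("AECDH-AES128-SHA", "AECDH-AES256-SHA"))
```

The server side reports NO_SHARED_CIPHER while the client only sees a handshake-failure alert, so the server's error queue is the place to look when a client reports a generic SSL error.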